Reputation: 1403
I've seen several threads with the same error and tried various potential solutions, but so far no luck. I am working with a client's REST endpoint, which requires a client certificate to authenticate. I have the certificate and have installed it for the current user and the local machine by double-clicking the .pfx and completing the wizard. I also ran the following using winhttpcertcfg so that the app pool identity account (Network Service) can use the certificate:
    winhttpcertcfg -i "<path to .pfx>" -c LOCAL_MACHINE\My -a "Network Service" -p "<password for .pfx>"
I've added the certificates snap-in to MMC and added my certificate, so when I hit the API endpoint URL in Chrome, the certificate shows up and I click it, and I see the XML returned.
Unfortunately, the code I am using is encountering an error when trying to get a response. My code (which is within an MVC action):
    var url = "https://obfuscated.api.endpoint.host/api/Profile";
    var certPath = @"C:\Users\paldrich\AdvisorDirectoryClient.pfx";
    var xmlResult = string.Empty;
    try
    {
        ServicePointManager.Expect100Continue = true;
        // Offer TLS 1.0, 1.1 and 1.2 to the server
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11
            | SecurityProtocolType.Tls12;
        HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
        request.ContentType = "application/xml;charset=UTF8";
        // Load the client certificate from the .pfx and attach it to the request
        X509Certificate cert = new X509Certificate(certPath, "obfuscated-password");
        request.ClientCertificates.Add(cert);
        request.PreAuthenticate = true;
        var response = request.GetResponse();
        var responseStream = response.GetResponseStream();
        xmlResult = new StreamReader(responseStream).ReadToEnd();
    }
    catch (Exception ex)
    {
        Log.Error("Bio App web service call failed.", ex, "AdvisorController");
        xmlResult = ex.Message;
    }
    return Json(xmlResult, JsonRequestBehavior.AllowGet);
When it tries to get the response (response.GetResponse()), I see the following error: The request was aborted: Could not create SSL/TLS secure channel.
Things I've Tried:
- Network Service to my certificate under C:\Users\paldrich.
- ServicePointManager.SecurityProtocol just SecurityProtocolType.Tls12 and also just SecurityProtocolType.Ssl3.
- Use Tls 1.0, Use Tls 1.1 and Use Tls 1.2 all checked in Internet Properties.
Upvotes: 0
Views: 748
Reputation: 1403
I realized what my problem was after submitting this. I needed to use X509Certificate2 instead of X509Certificate (I figured this out by just trying 2), although I don't understand why, outside of the fact that X509Certificate2 is newer. Regardless, the XML is coming up; it is showing up as a Unicode converted string, but overall the goal has been accomplished.
So, instead of:
    X509Certificate cert = new X509Certificate(certPath, "obfuscated-password");
I had to use:
    X509Certificate2 cert = new X509Certificate2(certPath, "obfuscated-password");
Upvotes: 1
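A pre-flight check for the situation in this thread, as an added example that is not part of the original question or answer: it loads the .pfx as X509Certificate2 and reports whether the private key, validity window and Client Authentication EKU are in order before the request is sent, so those causes surface as a specific message. The class and method names are hypothetical; .NET Framework 4.6 or later is assumed, the MachineKeySet flag assumes an IIS app pool identity without a loaded user profile, and the password is passed in by the caller instead of being a literal in source.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not code from the thread.
static class ClientCertProbe
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Returns null when the certificate looks usable, otherwise the reason it is not.
    public static string Diagnose(X509Certificate2 cert, DateTime now)
    {
        if (!cert.HasPrivateKey)
            return "no private key: the handshake cannot sign CertificateVerify";
        if (now < cert.NotBefore || now > cert.NotAfter)
            return "outside validity period " + cert.NotBefore + " .. " + cert.NotAfter;
        foreach (X509Extension ext in cert.Extensions)
        {
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == ClientAuthOid) return null;
            return "EKU present but lacks Client Authentication";
        }
        return null; // no EKU extension: key usage is not restricted
    }

    public static string Fetch(string url, string pfxPath, string pfxPassword)
    {
        // Offer TLS 1.2 only, without the SSL 3.0 / TLS 1.0 fallbacks tried in the question
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        // Assumption: key material goes to the machine key store (no user profile loaded)
        using (var cert = new X509Certificate2(pfxPath, pfxPassword, X509KeyStorageFlags.MachineKeySet))
        {
            string problem = Diagnose(cert, DateTime.Now);
            if (problem != null)
                throw new InvalidOperationException("Client certificate " + cert.Thumbprint + ": " + problem);
            var request = (HttpWebRequest)WebRequest.Create(url);
            request.ClientCertificates.Add(cert);
            using (var response = request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
                return reader.ReadToEnd();
        }
    }
}
```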