Access to a certificate’s private key is needed for creating digital signatures, or decrypting public-key encrypted documents/emails. In order to do this from ASP.NET, the PFX containing the certificate w/ private key must be imported into the correct registry-based certificate store such that the ASP.NET worker process can find it and has permission to use it. Microsoft provides a tool to do this:
WinHttpCertCfg.exe, a Certificate Configuration Tool