When X.509 certificates are used you might get this error:
The second part of the error implies that you may need to set permissions on the private key. I'll deal with that in a separate post.
The first part of the error means that the certificate was created with a private key that is not capable of key exchange. This can happen when you use makecert.exe to create a test certificate without specifying the correct flags. The correct way to use makecert is: