3rd party certificate shows Current version of .NET cannot directly access private key for certificate CN=domain address

The following can be seen after applying a 3rd party certificate:

Warning message in the *_Security_Proxy.* trace log: 

WARN ... Current version of .NET cannot directly access private key for certificate 'CN=domain address' (XXXXXXXXXXXXXX)

Users could see:

Error 500: Internal Server Error

Environment:

CNG certificate support is not fully implemented while CryptoAPI is fully supported. So the certificate needs to be converted before it will work.

Resolution:

Use OpenSSL to convert the 3rd party certificate to the CryptoAPI format. The resulting CryptoAPI format will be accepted by Qlik Sense. 

1.) Convert the certificate first from PFX in CNG format to PEM

openssl pkcs12 -in 3rdparty-cngformat.pfx -out 3rdparty.pem

2.) Convert it back from PEM to PFX getting PFX in CryptoAPI format

openssl pkcs12 -export -in 3rdparty.pem -out applytoSense.pfx

More information can be found here
https://docs.microsoft.com/en-us/windows/win32/seccertenroll/understanding-cryptographic-providers