@Wind010
Last active August 21, 2024 06:07
PowerShell script to add permissions on an X509 certificate's private key for a specific user.
<#
.DESCRIPTION
PowerShell script to add permissions on an X509 certificate's private key for a specific user.
.OUTPUTS
Set-Acl result
.EXAMPLE
PS> .\Set-AclForCertificate.ps1 'your_cert_thumbprint' 'domain\username' 'Read'
or
PS> .\Set-AclForCertificate.ps1 'your_cert_thumbprint' 'domain\username' 'FullControl'
$permission is the string name of a System.Security.AccessControl.FileSystemRights value.
Script should be run as Administrator.
#>
param(
    [Parameter(Mandatory=$true)][string] $certThumbprint,
    [Parameter(Mandatory=$true)][string] $user,
    [Parameter(Mandatory=$true)][string] $permission,
    [string] $logPath = ""   # accepted but not used by the script body
)

$ErrorActionPreference = 'Stop'

# Locate the certificate in the machine store and fail early if it carries no private key.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$certThumbprint"
if (-not $cert.HasPrivateKey) { throw "Certificate $certThumbprint has no private key." }

$rsaCert = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)

# The on-disk key container name is exposed differently by the two providers:
# CNG (RSACng) via Key.UniqueName, legacy CAPI (RSACryptoServiceProvider)
# via CspKeyContainerInfo.UniqueKeyContainerName.
if ($rsaCert -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    [string] $uniqueName = $rsaCert.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    [string] $uniqueName = $rsaCert.Key.UniqueName
}

# Machine keys live in one of two folders: CAPI keys under RSA\MachineKeys,
# CNG keys under Keys. Use whichever one actually holds the file.
$candidates = @(
    "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys\$uniqueName",
    "$env:ALLUSERSPROFILE\Microsoft\Crypto\Keys\$uniqueName"
)
[string] $keyFilePath = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $keyFilePath) { throw "Private key file for container $uniqueName not found under $env:ALLUSERSPROFILE\Microsoft\Crypto." }

# Read on the key file is enough for a principal to use the key (sign/decrypt);
# grant FullControl only when the principal must also replace or delete the key.
$acl = Get-Acl -Path $keyFilePath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule $user, $permission, 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFilePath -AclObject $acl
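A companion audit function, added here as an example and not part of the gist, that resolves the same key file the script edits and lists every ACE on it, flagging Allow entries that grant more than Read and grants to broad built-in groups. It assumes the same two machine-key folders as the script; the thumbprint and the list of groups treated as "broad" are placeholders to adjust locally.

```powershell
function Get-CertificateKeyAccess {
    # Lists every ACE on the private key file behind a LocalMachine\My certificate
    # and flags entries that exceed Read or go to broad built-in groups.
    param([Parameter(Mandatory = $true)][string] $Thumbprint)

    $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if (-not $rsa) { throw "No RSA private key is accessible for $Thumbprint" }

    # CAPI and CNG providers expose the on-disk container name through different properties.
    $name = if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    } else {
        $rsa.Key.UniqueName
    }
    $keyFile = @(
        "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys\$name",   # CAPI machine keys
        "$env:ALLUSERSPROFILE\Microsoft\Crypto\Keys\$name"               # CNG machine keys
    ) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $keyFile) { throw "Key file for container $name not found" }

    # Identities that should normally never hold a private key (assumed list; adjust to local policy).
    $broadGroups = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    # Read plus Synchronize is what a plain "Read" grant shows up as on the file.
    $readOnly    = [System.Security.AccessControl.FileSystemRights]::Read -bor
                   [System.Security.AccessControl.FileSystemRights]::Synchronize

    foreach ($ace in (Get-Acl -LiteralPath $keyFile).Access) {
        # Generic-rights ACEs surface as raw negative numbers and are flagged conservatively.
        $rights  = [int]$ace.FileSystemRights
        $excess  = ($rights -band -bnot [int]$readOnly) -ne 0
        [pscustomobject]@{
            KeyFile    = $keyFile
            Identity   = $ace.IdentityReference.Value
            Rights     = $ace.FileSystemRights
            Type       = $ace.AccessControlType
            Inherited  = $ace.IsInherited
            BeyondRead = ($ace.AccessControlType -eq 'Allow') -and $excess
            BroadGroup = $broadGroups -contains $ace.IdentityReference.Value
        }
    }
}

# Usage: show only the entries worth a second look (thumbprint is a placeholder).
Get-CertificateKeyAccess -Thumbprint 'your_cert_thumbprint' |
    Where-Object { $_.BeyondRead -or $_.BroadGroup } | Format-Table -AutoSize
```

Run it before and after the script to confirm that only the intended principal gained access and that the grant is no wider than the workload needs.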