Describe the bug
When exporting the certificate the private key is not exportable even though PrivateKeyExportable is true.

The issue is the task running as the System user. Change this user to any administrative user and it works correctly.

Running from the command line does not reproduce the issue because that is not running as the System user.

To Reproduce

1. Configure settings.json with PrivateKeyExportable set to true.
2. Configure a certificate and use the default user (do not specify an account for the task to run as).
3. Run the task ("--force --nocache" to ensure a new cert)
4. Open certificate manager and export the certificate.
5. The "Yes, export the private key" option will be disabled

Expected behavior
"Yes, export the private key" should be enabled.

If this isn't possible with the System account then there should be a warning or error when attempting to create the task.

Log
The Store section from the settings.json

"Store": {
"DefaultStore": null,
"CertificateStore": {
"DefaultStore": null,
"PrivateKeyExportable": true,
"UseNextGenerationCryptoApi": false
},
"CentralSsl": {
"DefaultPath": null,
"DefaultPassword": null
},
"PemFiles": {
"DefaultPath": null,
"DefaultPassword": null
},
"PfxFile": {
"DefaultPath": null,
"DefaultPassword": null
}
}

Platform:

• OS: Windows Server 2022
• Version: 2.2.6.1571, x64

Additional context
Add any other context about the problem here, for example possible network issues (firewalls, proxies, NAT) that might play a role.