如何使用BouncyCastle生成可用于WCF身份验证的X509Certificate2

这是我的WCF服务代码：

        ServiceHost svh = new ServiceHost(typeof(MyClass));
        var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
        //security
        tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
        svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =UserNamePasswordValidationMode.Custom;
        svh.Credentials.ServiceCertificate.Certificate = GenerateCertificate(myCert);
        svh.AddServiceEndpoint(typeof(IMyClass), tcpbinding, location);            
        svh.Open();

这是我用来生成证书的代码：

    static X509Certificate2 GenerateCertificate(string certName)
    {
        var keypairgen = new RsaKeyPairGenerator();
        keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
        var keypair = keypairgen.GenerateKeyPair();
        var gen = new X509V3CertificateGenerator();
        var CN = new X509Name("CN=" + certName);
        var SN = BigInteger.ProbablePrime(120, new Random());
        gen.SetSerialNumber(SN);
        gen.SetSubjectDN(CN);
        gen.SetIssuerDN(CN);
        gen.SetNotAfter(DateTime.MaxValue);
        gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
        gen.SetSignatureAlgorithm("MD5WithRSA");
        gen.SetPublicKey(keypair.Public);
        gen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
                    new SubjectKeyIdentifierStructure(keypair.Public));        
        var newCert = gen.Generate(keypair.Private);
        return new X509Certificate2(DotNetUtilities.ToX509Certificate((Org.BouncyCastle.X509.X509Certificate)newCert));
    }

当我启动服务器时，它崩溃了，出现以下异常：

ArgumentException: It is likely that certificate 'CN=MyCert' may not 
have a private key that is capable of key exchange or the process may not have 
access rights for the private key. Please see inner exception for detail.

内部异常为null。

我做错了什么？

gen.AddExtension(
    X509Extensions.KeyUsage, 
    true,
    new KeyUsage(KeyUsage.keyCertSign));