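function Set-AclOnCert {
    <#
    .SYNOPSIS
    Adds one access rule to the private-key file of a certificate in a LocalMachine store.

    .DESCRIPTION
    Looks the certificate up by thumbprint under Cert:\LocalMachine\<StoreName>, reads the
    unique CSP key container name from its private key, and adds a FileSystemAccessRule for
    the given identity to the matching file under
    %ProgramData%\Microsoft\Crypto\RSA\MachineKeys.

    The function throws before touching any ACL when the certificate cannot be found, when it
    exposes no CSP key container name, or when the resolved path is not a file. Without these
    checks an empty container name makes the target path the MachineKeys directory itself, and
    the rule would be added to the directory that holds every machine key.

    .PARAMETER Thumbprint
    Certificate thumbprint as a hexadecimal string. Surrounding whitespace is ignored.

    .PARAMETER Identity
    Account the rule applies to, passed as the first FileSystemAccessRule constructor argument.

    .PARAMETER FileSystemRights
    Rights to grant or deny, passed as the second constructor argument. Grant the narrowest
    right the consumer needs; a private-key file is a credential.

    .PARAMETER Type
    Access control type, passed as the third constructor argument.

    .PARAMETER StoreName
    Name of the store under Cert:\LocalMachine. Must not contain path separators.
    #>
    [CmdletBinding()]
    param(
        [psobject]$Thumbprint,
        [string]$Identity,
        [string]$FileSystemRights,
        [string]$Type,
        [string]$StoreName
    )

    # Function-local: any failed step must abort the run so a half-resolved path is never
    # handed to Set-Acl.
    $ErrorActionPreference = 'Stop'

    # Both values are interpolated into a provider path, so reject anything that could act as
    # a wildcard or redirect the lookup to another location.
    $thumbprintText = ([string]$Thumbprint).Trim()
    if ($thumbprintText -notmatch '^[0-9A-Fa-f]+$') {
        throw "Thumbprint must be a hexadecimal string; got '$Thumbprint'."
    }
    if ([string]::IsNullOrWhiteSpace($StoreName) -or $StoreName -match '[\\/]') {
        throw "StoreName must be a single store name without path separators; got '$StoreName'."
    }

    $certPath = "Cert:\LocalMachine\$StoreName\$thumbprintText"
    $mycert = Get-Item -LiteralPath $certPath -ErrorAction Stop

    # CspKeyContainerInfo is only present on CSP-backed keys; a certificate without a private
    # key, or with a key this property chain cannot describe, yields nothing here.
    $keyName = $null
    $keyError = $null
    try {
        $keyName = $mycert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    }
    catch {
        $keyError = $_.Exception.Message
    }
    if ([string]::IsNullOrWhiteSpace($keyName)) {
        $detail = if ($keyError) { " ($keyError)" } else { '' }
        throw "Certificate '$thumbprintText' in store '$StoreName' has no CSP private-key container name$detail; no ACL was changed."
    }

    $keyPath = Join-Path -Path $env:ProgramData -ChildPath 'Microsoft\Crypto\RSA\MachineKeys'
    $keyFullPath = Join-Path -Path $keyPath -ChildPath $keyName

    # The target must be one key file, never the containing directory.
    if (-not (Test-Path -LiteralPath $keyFullPath -PathType Leaf)) {
        throw "Private-key file '$keyFullPath' was not found; no ACL was changed."
    }

    # Request only the access-rule section of the security descriptor.
    $acl = (Get-Item -LiteralPath $keyFullPath).GetAccessControl('Access')

    $accessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Identity, $FileSystemRights, $Type
    $acl.AddAccessRule($accessRule)

    Set-Acl -Path $keyFullPath -AclObject $acl
}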