diff --git a/src/KubernetesClient/CertUtils.cs b/src/KubernetesClient/CertUtils.cs
index 1983870..c0a3fbe 100644
--- a/src/KubernetesClient/CertUtils.cs
+++ b/src/KubernetesClient/CertUtils.cs
@@ -90,7 +90,15 @@ namespace k8s
             using (var pkcs = new MemoryStream())
             {
                 store.Save(pkcs, new char[0], new SecureRandom());
-                return new X509Certificate2(pkcs.ToArray());
+
+                if (config.ClientCertificateKeyStoreFlags.HasValue)
+                {
+                    return new X509Certificate2(pkcs.ToArray(), "", config.ClientCertificateKeyStoreFlags.Value);
+                }
+                else
+                {
+                    return new X509Certificate2(pkcs.ToArray());
+                }
             }
         }
     }
diff --git a/src/KubernetesClient/KubernetesClientConfiguration.cs b/src/KubernetesClient/KubernetesClientConfiguration.cs
index eb611d7..a16cd6c 100644
--- a/src/KubernetesClient/KubernetesClientConfiguration.cs
+++ b/src/KubernetesClient/KubernetesClientConfiguration.cs
@@ -37,6 +37,11 @@ namespace k8s
         /// </summary>
         public string ClientCertificateFilePath { get; set; }
 
+        /// <summary>
+        ///     Gets or sets the ClientCertificate KeyStoreFlags to specify where and how to import the certificate private key
+        /// </summary>
+        public X509KeyStorageFlags? ClientCertificateKeyStoreFlags { get; set; }
+
         /// <summary>
         ///     Gets ClientCertificate Key filename
         /// </summary>