When instantiating an X509 digital certificate from code (using System.Security.Cryptography.X509Certificates.X509Certificate2), IIS on Windows 7 was working, but on Windows 2008 Server was raising an error:
An internal error occurred.
This was caused by IIS not having access to user profile stores (even though our code was reading from a file and not the certificate store).
The fix was to modify the IIS application pool (Advanced Settings) to load the user profile for the application pool identity. Note that the certificate need to be IN the subject user profile; the X509Certificate code must attempt to access the user profile regardless of where you are loading the certificate from.