Hi,

I think I have identified a bug in the use of X509Certificate2 certificates in the C# driver (not a security flaw but it does break the driver when using pfx certificates), specifically in the way certificates are cloned in memory. Before I submit a bug report and fix via a PR, I just wanted to make sure I understand the code.

Specifically, in the documentation there is the following: http://mongodb.github.io/mongo-csharp-driver/2.2/reference/driver/ssl/
IMPORTANT
It is imperative that when loading a certificate with a password, the PrivateKey property not be null. If the property is null, it means that your certificate does not contain the private key and will not be passed to the server.

Can you please clarify this for me? I am confused as to why the above only seems to apply when you are using a password on the certificate - is it not possible to create a certificate with public key and private key but without a password, and if so in this case is the private key not required in the client?

Thanks,
Alex