I came upon a similar issue recently and following Fabian's advice actually led me to the solution. Turns out with client certs you have to ensure two things:
The private key is actually being exported as part of the cert.
The application pool identity running the app has access to said private key.
In our case I had to:
The trusted root issue explained in other answers is a valid one, it was just not the issue in our case.