I’m adding a self-signed X509 Certificate to an HTTPS request.

request.ClientCertificates.Add(new X509Certificate(@"key.pfx", ""));

It is talking to nginx, with:

 ssl_verify_client on;

As it is self signed I get an error on the certificate signing chain. So I tell c# to ignore it. (The lambda is executed and true is returned)

 ServicePointManager.ServerCertificateValidationCallback += 
                                (sender, cert, chain, sslPolicyErrors) => true;

However, I then get the following error from nginx.

400 Bad Request
No required SSL certificate was sent
nginx/1.0.5

Can anyone explain why this might be happening? Or how I can track down why?
My current thinking: The certificate is getting removed from the http client because it is self-signed?

Also: some diagnostic output from c#

Step into: Stepping over method without symbols 'System.Net.Security.SecureChannel.VerifyRemoteCertificate'
System.Net Information: 0 : [5516] SecureChannel#31534420 - Remote certificate has errors:
System.Net Information: 0 : [5516] SecureChannel#31534420 -     A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

System.Net Information: 0 : [5516] SecureChannel#31534420 - Remote certificate was verified as valid by the user.

Any help most welcome! Thanks,
Chris