Using the Account Service Certificate Store with .NET 2.0 HttpWebRequest

I have a Windows.net 2.0 service application written in C # that accesses a soapless web service over SSL using HttpWebRequest. My Windows service is running under the NETWORK SERVICE account.

I can make SSL work by issuing a certificate to the web server that the windows service is running from from the CA and then installing the CA certificate in the Local Machine \ trusted root store.

What I would like to do is install the CA certificate in the "service account" root trust store instead of the "local machine" store and do this "just work".

In other words, it seems like the SSL authentication used by the .net framework is hardcoded to check the current user store and local machine store for trusted roots when checking the SSL certificate, but is there any clean way to get it to verify the "account service "instead of (or in addition to) other stores?

The only solution I can think of is to override ServicePointManager.ServerCertificateValidationCallback and then P / Invoke to the Crypto API to open the "service account" certificate store in Win32 and manually look for the root directory there. I would rather not do this as it would look like a pretty big performance penalty and had to wait for 2 certifying stores to fail, which I have no intention of using at all.

Perhaps I am using a completely wrong approach here, but it seems to me that I just cannot solve my problem.