Can you try one-to-one mapping of certificates to user accounts, so that the logged-in user can use the cert store of his account alone? Details are in the link below.
https://msdn.microsoft.com/en-us/library/bb742438.aspx
One-to-One Mapping
One-to-one mapping involves mapping a single user certificate to a single Windows 2000 user account. For example, assume you want to provide a Web page to your employees that will allow them to view and modify their deductions, manage their health care, and other benefits. You want this page to work over the Internet and remain secure. As a solution, you decide to use Windows 2000, certificates, and certificate mapping. You can either issue certificates to each of your employees from your own certificate service, or you can have your employees obtain certificates from a CA approved by your company. You then take these user certificates and map them to the employees' Windows 2000 user accounts. This allows users to connect to the Web page, using the Secure Sockets Layer (SSL) from anywhere by providing their client certificate. Users log on using their user account and normal access controls can be applied.