When you are writing application to run as service or middle tier, which is using client certificates. You should not enable strong key protection during certificate installation.
Strong key protection is the way you are informing the system that whenever someone want to use this protected resource (client certifcate) then prompt me for the permission. In middle tier environment you really do not want this prompt, you really want to run your application unattended. In fact with .Net frameworks 1.1, SP1 you won't be able to use the certificate with strong key protection.
Check the posting from Kevin W. Hammond about his experience on this issue
This posting is provided "AS IS" with no warranties, and confers no rights