Should allow the use of a string that does not map back to the built-in cert store Enum.
Should also add a custom error if the UI fails to save to the config with a permissions error.
If possible, have the UI check to see if the executing account has access to the selected certificates private keys.