diff --git a/src/Microsoft.Identity.Web/CertificateManagement/DefaultCertificateLoader.cs b/src/Microsoft.Identity.Web/CertificateManagement/DefaultCertificateLoader.cs
index d1c38edb9..d4a24804d 100644
--- a/src/Microsoft.Identity.Web/CertificateManagement/DefaultCertificateLoader.cs
+++ b/src/Microsoft.Identity.Web/CertificateManagement/DefaultCertificateLoader.cs
@@ -194,12 +194,12 @@ private static void ParseStoreLocationAndName(string storeDescription, ref Store
             return cert;
         }
 
-        internal /*for test only*/ static X509Certificate2 LoadFirstCertificate(IEnumerable<CertificateDescription> certificateDescription)
+        internal /*for test only*/ static X509Certificate2? LoadFirstCertificate(IEnumerable<CertificateDescription> certificateDescription)
         {
             DefaultCertificateLoader defaultCertificateLoader = new DefaultCertificateLoader();
             CertificateDescription certDescription = certificateDescription.First();
             defaultCertificateLoader.LoadIfNeeded(certDescription);
-            return certDescription.Certificate!;
+            return certDescription.Certificate;
         }
     }
 }
diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs
index 914714c61..c3b0de0af 100644
--- a/src/Microsoft.Identity.Web/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web/TokenAcquisition.cs
@@ -371,7 +371,7 @@ private async Task<IConfidentialClientApplication> BuildConfidentialClientApplic
 
                 if (_microsoftIdentityOptions.ClientCertificates != null)
                 {
-                    X509Certificate2 certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates);
+                    X509Certificate2? certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates);
                     builder.WithCertificate(certificate);
                 }