I appreciate the reply. However, in this case the same service account is being used on both servers, and I made sure that the service account had full access to the files, and I still got the error. After I changed the SQL Server service to run as Local System, restarted it, changed it back to my service account, restarted again, it began to work as expected. So, while I am quite sure that what you are saying is how it is *supposed* to work - it matches all of the other information I've been able to find - in my case, it doesn't seem to have been working correctly.
And to make things even more interesting, I am trying to replicate everything in another clone of our environment, and am having the same issue - however, with an added twist. After restarting the service, I can access the bi_server_Cert.cer file - but not the bi_server_Cert.pvk file. Or at least, it will let me create the certificate on the second server if I leave out the pvk. Unfortunately the certificate doesn't work when I do it that way.
Have a meeting scheduled with our security gurus... something is not working the way it should, just not sure what exactly.