A fatal error occurred when attempting to access the SSL server credential private key: 0x8009030d

Thank you Sumana Majumdar, Yes, it is now understood whether you see
the private key icon will depend on type of certificate supplied by CA
or what type of certificate is downloaded.
However, I also like to add, if you do see a certificate type which
does not show a private key icon which as stated above will depend on
type of certificate on hand, you could for instance still go ahead and
install the certificate in personal store or other store of your
choice and then examining the store should show the key icon if the
private key is bound to the certificate along with information like
who issued the certificate to whom the certificate was issued and
validity.

Hello smallfish ,

One easy method to identify if the certificate you have is associated with a Private Key is to open the certificate and check for the below mention under the General tab of the certificate. This will be present right below the Valid From section:

Another easy method is to check the extension of the certificate file that you have. 

Certificates can have any one of the below extensions:

*.PFX or *.P12  -  Personal Information Exchange Format- This format supports storage of private and public keys and all certificates in the path. 
Certificates with private keys would have the .PFX or .P12 format.
*.CER or *.CRT  -  Base64-encoded or DER-encoded binary X.509 Certificate
This format does not support storage of private keys.

*.PEM - Privacy Enhanced Mail
This is X. 509 certificate encoded in text (base64 and encrypted). This is similar to the .CER extension. This extension is also provided as some software needs a .PEM cert file.
*.CRL  -  Certificate Revocation List
Designates a certificate that has been revoked.
*.CSR  -  Certificate Signing Request
This file type is issued by applications to submit requests to a Certification Authority or CA.
*.DER - DER-encoded binary X.509 Certificate
Storage of a single certificate.  This format does not support storage of private keys.
*.P7B or *.P7R or *.SPC  -  Cryptographic Message Syntax Standard
Supports storage of all certificates in path and does not store private keys.


Also, there are two ways in which certificate Authority can provide you the private key associated certificate. They can either provide the certificate in .PFX format directly (which means certificate is already bound with private key) or they can provide you the certificate and the key file separately (in this scenario, the certificate file will be in either of the formats- .cer, .crt. .pem, .p7b, etc.).
There are multiple tools available which can be then used to bind the certificate with the provided key, to create a PFX file. One such open source tool which can be used is Open SSL.

I know it's been a couple of years, but ... could someone explain WHY the temporary workaround works?  I've encountered this same error when calling AcquireCredentialsHandle in a Secure Channel app.  The workaround worked, but I've had to perform it several times ... would like to know what's going on there technically.  Thanks.