First published on MSDN on Apr 28, 2017
Recently, I have assisted a Premier customer who installed a new certificate on Windows Server 2008 R2 but was unable to bind the certificate to the Website hosted on IIS. 7.5. This is the error we were getting:
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001
Log Name: System
Date: 7/2/2016 9:52:25 AM
Event ID: 36870
Task Category: None
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
The error indicates that IIS is not able to access the certificate's private key.
Steps we took to fix the issue:
Contact your certificate vendor for a certificate with private key. Import the cert and do the binding in IIS.
Assuming this is a valid certificate, verify that the certificate includes a private key. Double clicking the certificate in certificate manager (Certificate store) should say "You have a private key that corresponds to this certificate":