AcquireCredentialsHandle() failed with error 0X8009030D

Could not create SSL/TLS secure channel

Here’s an error that’s commonly found in ASP.NET on IIS. If you are configuring your application to use an x.509 certificate you may see the following error.

System.Net Information: 0 : 4608 AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Error: 0 : 4608 AcquireCredentialsHandle() failed with error 0X8009030D.
System.Net Information: 0 : 4608 AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Error: 0 : 4608 Exception in the HttpWebRequest#34090260::EndGetResponse – The request was aborted: Could not create SSL/TLS secure channel.

The key detail here is AcquireCredentialsHandle() failed with error 0X8009030D. The error 0X8009030D generally means that the IIS Worker Process does not have permissions to access the certificate that’s been specified in the web.config or through run-time code. This error may show up as Could not create SSL/TLS secure channel.

How to Resolve Error 0X8009030D

The fix for this is usually to make sure the local IIS_IUSRS group has permissions to the certificate’s private key.

  1. Open the MMC console.
  2. Add the Certificates Snap-in
  3. Make sure you select manage certificates for Computer Account
  4. Navigate to Certificates > Personal > Certificates. Most x.509 certificates are stored here, if yours is not you can also search in the snap-in.
  5. Locate your application certificate, right click, Select All Tasks > Manage Private Keys
    error 0X8009030D
  6. Make sure IIS_IUSERS is in the list and has at least Read access.
  7. Click Ok to Save
  8. Restart IIS

Further Reading

MSDN – Working with Certificates
Virtual Directory Documentation on IIS.net.

I’m an avid Technologist, while I do work on architecting solutions that span from the desktop to the data center, my passion is Web Infrastructure.
We will be happy to hear your thoughts

      Leave a reply