Fix: A Fatal Error Occurred While Creating a TLS Client Credential. The Internal Error State Is 10013

A Fatal Error Occurred While Creating a TLS Client Credential. The Internal Error State Is 10013

Are you getting the error message “A fatal error occurred while creating a TLS client credential? The internal error state is 10013”?

We had the same error for a client in June 2023. Needed to be fixed ASAP, so we fixed it over a remote session!

We will explain what this error is, what a TLS client credential is, why it occurs, and how to fix it.


This issue appears on Windows 11 and 10, and displays the message “A fatal error occurred while creating a TLS client credential. The internal error state is 10013”.

TLS stands for Transport Layer Security and it’s meant to provide data security on the internet.

However, vulnerabilities were found in version 1.0, so it’s disabled by default in Windows.

To get around this issue, you can temporarily enable TLS 1.0 or 1.1 on your system by following one of these methods:

  • Updating your settings in Internet Options.
  • Enabling them via Control Panel.
  • Using PowerShell commands or registry keys to enable them manually.

Note that some old programs might need these protocols for connecting to the internet, so if none of these solutions work for you then you may need to upgrade those programs instead.

A fatal error occurred while creating a TLS client credential. The internal error state is 10013 – What is it?

This is an error that occurs when creating a TLS client credential, and it can cause your application to fail at runtime.

The TLS (Transport Layer Security) protocol provides security for communications over the Internet by encrypting the data sent between two systems.

If there is an issue with creating the credential needed for this encryption, then you will receive this error.

The 10013 internal state error can occur due to several issues, such as incorrect configuration of the credentials or an incompatible version of TLS used by one of the systems involved in communication.

Other possible causes include misconfigured firewalls or antivirus software blocking certain connections or protocols, or even a corrupted certificate file.

In some cases, it could also be caused by other errors which are preventing the successful establishment of a secure connection.

To troubleshoot this problem, firstly you should verify that your credentials are configured correctly and that both sides support compatible versions of TLS.

Additionally, check any firewall settings on either side and make sure no rules are blocking communication-related to TLS protocols.

If necessary, you can also try regenerating your certificate files if they have become corrupted over time.

If all else fails and you still encounter this fatal error while creating a TLS client credential, then it might be best to contact technical support for assistance in resolving this issue quickly and efficiently.

An experienced technician will be able to help identify what caused the problem and provide solutions so you can get back up and running as soon as possible!

So, What is the TLS (Transport Layer Security) client credential?

The TLS client credential is a certificate used to authenticate the server and verify its identity when establishing a secure connection.

It contains information about the server, such as the issuer, expiration date, and domain name.

When you try to connect to a website using TLS encryption, your browser sends this certificate along with your request for the web page.

The website then uses it to validate that you are connecting from an authorized source.

If there is an issue with the certificate or if it fails validation, you may receive the error message Event ID 36871: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

This indicates that something is wrong with the authentication process and prevents your connection from being established properly.

Fortunately, most of these errors can be resolved by simply refreshing your browser or by updating your SSL/TLS certificates on both ends of the connection.

Why does the error occur while creating a TLS client credential?

The issue could be related to the authentication process when creating a TLS client credential.

TLS is an encryption protocol used in many applications and services for secure communication between two systems.

There may be an issue with the protocols, causing the client not to be able to decipher the code sent by the server.

This can result in a fatal error occurring while creating a TLS client credential, with an internal error state of 10013.

Here are some potential causes of this error:

  • Incorrectly configured certificates or settings on either side of the connection
  • Issues with the firewall or network settings
  • Interference from third-party software on either side of the connection
  • Incompatible versions of TLS being used

How to fix the error?

You may be able to fix this error by checking the Transport Layer Security (TLS) protocols. Enable TLS 1.0/1.1 using Internet Properties and change values in the Registry.

You can also solve this fatal error by running a PowerShell Script. To check if TLS 1.2 is enabled, look for specific values in the registry or use a tool such as SSL Labs Server Test.

1. Review Default Transport Layer Security protocols

We need to check the Transport Layer Security protocols to prevent a fatal error from occurring while creating a TLS client credential.

The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are Internet standard authentication protocols that can be enabled through IIS Crypto GUI.

Just download it, run it and see what options are ticked.

We should manually uncheck these two options to keep them disabled without causing the fatal error 10013 from occurring.

Doing so requires caution and careful attention, as any misconfiguration could lead to serious security risks or other issues.

Therefore, it is important to fully understand all the implications of disabling these protocols before proceeding with the changes.

2. Enable TLS 1.0/1.1 In Internet Properties

Enabling TLS 1.0 and 1.1 through Internet Properties can help prevent a 10013 issue.

To do this, follow these steps:

  1. Open up ‘Internet Properties’ from the Start Menu.
  2. Select ‘Advanced’.
  3. Tick the checkboxes for both ‘TLS 1.0’ and ‘TLS 1.1’.
  4. Click ‘Ok’.
  5. Restart your PC to apply the changes.

You’re all set now! This should fix any problems you were having with that error code. However, if it doesn’t work, you may need to try something else.

3. Change Keys In The Registry

Open Registry Editor.

Head to ‘HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols’ and create two new keys: ‘TLS 1.2’ and ‘Client’.

Right-click the ‘Client’ key and create two values – ‘DisabledByDefault’ and ‘Enabled’, then set the value of ‘Enabled’ to ‘1’.

When done, restart your PC.

That should do it!

Solve A fatal error occurred while creating a TLS client credential by running a PowerShell Script

All you need to do is download and unpack the file, right-click on it, and run with PowerShell or launch it in PowerShell ISE.

Copy the provided script into ISE and press enter.

This will enable TLS 1.2 by making changes to your registry values automatically, allowing you to connect securely over the internet without any issues.

Once completed, you should see a message confirming that TLS 1.2 has been enabled successfully!

Is TLS 1.2 is enabled?

You can check if TLS 1.2 is enabled by using the Internet Properties panel.

Press Win+R to open the Run prompt, and type inetcpl. cpl, and hit Enter.

Then go to the Advanced tab and navigate to the Security section.

Look for the Use TLS 1.2 checkbox – if it’s ticked, TLS 1.2 is on.

If not, you may need to enable it yourself or contact your network administrator for assistance with this process.

Remember that TLS 1.2 is important for secure communication between two networks or services over the internet, so make sure it’s enabled when handling sensitive data!

Is TLS 1.0 enabled?

You can easily check if TLS 1.0 is enabled on the server by following the same steps you use to check if TLS 1.2 is enabled.

Search for internet properties in the taskbar search box.

Click on the individual search box and go to the Advanced tab.

Check if Use TLS 1.0 is enabled in this tab – it’s that easy!

If it isn’t checked off, then TLS 1.0 isn’t enabled on your server.

Frequently Asked Questions

What Other Errors Can Occur While Creating a TLS Client Credential?

When creating a TLS client credential, other errors can occur that are unrelated to the fatal error.

These include certificate validation errors, incorrect authentication methods used during the handshake, and issues with the cipher suite chosen for the connection.

Additionally, problems such as an expired certificate or a mismatch in hostname could also cause an error.

If any of these issues arise while setting up a TLS client credential, it is important to address them quickly to prevent future difficulties.

What Is the Difference Between a TLS Client Credential and Other Types of Credentials?

A TLS client credential is different from other types of credentials in that it allows a secure connection to be established between two parties.

The TLS protocol, or Transport Layer Security, uses encryption to protect data being sent back and forth.

This type of security ensures that information is kept confidential and only accessible by those with the correct credentials.

Additionally, TLS also provides authentication so that only legitimate clients can access the data.

What Other Steps Can Be Taken to Prevent This Type of Error From Occurring in the Future?

To prevent this type of error from occurring in the future, you should always ensure that the TLS client credential creation process is secure and validated.

You should also check for compatibility with any related software programs or services before attempting to create a TLS client credential.

Additionally, it would be beneficial to review all related documentation and tutorials before starting the credential creation process.

Are There Any Alternative Methods of Creating a TLS Client Credential?

Yes, there are alternative methods of creating a TLS client credential.

The most popular method is to use an SSL/TLS Certificate Authority (CA). This CA will issue certificates that can be used to authenticate and encrypt communication between two or more parties.

Additionally, you can also create custom self-signed certificates for your TLS client credentials. These certificates provide the same level of encryption and authentication but don’t require an outside authority to issue them.

What Are the Potential Consequences of This Error Occurring?

If this error occurs while creating a TLS client credential, it could lead to serious security issues.

It may allow unauthorized access to confidential data or personal information, resulting in data breaches and identity theft.

The error might also result in disruption of service due to connection issues. This could impact the user experience for customers or employees who rely on secure connections.

In addition, the user may be unable to access certain resources if they have been denied authorization because of the error.


It’s important to understand what TLS client credentials are and why an error occurs while creating them.

Although it can be confusing and frustrating when this fatal error (10013) pops up, the good news is that there are steps you can take to fix it.

With a bit of research and troubleshooting, you should have no trouble getting your TLS client credentials up and running in no time.

Still unable to fix? No worries, just get in touch with one of our techies today and we’ll help you sort out this issue!

I am a computer engineer holding a bachelor's degree in Computer Science, complemented by a Master's in Business Administration from University of Strathclyde, Scotland. I currently work as a Senior IT Consultant in Melbourne, Australia. With over 15 years of...