We use client SSL certificates to secure web-based user communications with our web server (the edit site for a SharePoint site). Certificates are generated internally and sent to users to be installed.
Normally we don't have any issues but lately some users have been unable to access the sites while others can authenticate successfully during the same time period and even using the same certificate.
A network packet capture suggests IE isn't always sending the certificate. At this point, uninstalling and reinstalling the certificate corrects the problem, but isn't desirable.
Best Answer
Are you actually validating client identity with the SSL certificate rather than just using a server-side certificate and SSL to encrypt the communication? If so, that's not a particularly common scenario (although you may have very valid reasons for doing so). If you don't have a business need to authenticate clients with certificates, you could still encrypt communications while turning off client-side certificate-based authentication, which would solve your problem :)
According to the IIS Authentication documentation on MSDN:
Is it at all possible that you have multiple CAs generating the client certificates, and for some reason one of them is not on the server's Certificate Trust List (CTL)?
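
The check the answer proposes, as an added example that is not part of the original answer: a constructed lab in which two hypothetical internal CAs (`Lab-CA-A`, `Lab-CA-B`) each issue a client certificate, and only one CA is in the PEM bundle standing in for the server's trust list. It uses the `openssl` CLI rather than the IIS certificate store; all names and files are assumptions.

```bash
#!/usr/bin/env bash
# Constructed lab, not the asker's environment: every name below is hypothetical.
set -eu
LAB=$(mktemp -d)

make_ca() {        # $1 = CA name -> $LAB/$1.key and self-signed $LAB/$1.crt
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.crt" 2>/dev/null
}

issue_client() {   # $1 = issuing CA name, $2 = user name -> $LAB/$2.crt
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$LAB/$2.key" -out "$LAB/$2.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/$2.csr" -days 2 -CA "$LAB/$1.crt" \
    -CAkey "$LAB/$1.key" -CAcreateserial -out "$LAB/$2.crt" 2>/dev/null
}

check_client() {   # $1 = trusted-CA bundle (PEM), $2 = client cert
  # Prints TRUSTED if the cert chains to a CA in the bundle, else UNTRUSTED.
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo TRUSTED
  else
    echo UNTRUSTED
  fi
}

audit_clients() {  # $1 = bundle, rest = client certs; one report line per cert
  bundle=$1; shift
  for crt in "$@"; do
    issuer=$(openssl x509 -in "$crt" -noout -issuer)
    echo "$(check_client "$bundle" "$crt")  $issuer  $(basename "$crt")"
  done
}

# Two CAs issue client certs, but the server trust bundle holds only CA A.
make_ca "Lab-CA-A"; make_ca "Lab-CA-B"
issue_client "Lab-CA-A" alice
issue_client "Lab-CA-B" bob
cp "$LAB/Lab-CA-A.crt" "$LAB/server-trust.pem"
audit_clients "$LAB/server-trust.pem" "$LAB/alice.crt" "$LAB/bob.crt"
```

Against real data, export the CA certificates the server trusts to a PEM bundle and pass the issued client certificates to `audit_clients`; any line starting with `UNTRUSTED` names an issuer the server does not accept.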