Client receives 403.16 error when IIS cannot process a complete certificate chain (IIS 6.0)
When IIS receives an incoming Secure Sockets Layer (SSL) request from a client, it attempts to build its certificate chain before sending its certificate information back to the client. Beginning with IIS 6.0, IIS does not automatically download intermediate certificates by default, which was the behavior in previous versions of IIS. Instead, IIS 6.0 fails the Certificate Revocation List (CRL) check for the certificate because it cannot find the HTTP location for the CRL Distribution Point (CDP). The user then sees an HTTP 403.16 error message.
To rectify this error, add the certificate to the Intermediate Certification Authorities folder on the local computer.
To add an intermediate certificate to Intermediate Certification Authorities