403.13 errors

I am working with IIS 6.0 on a Windows 2003 server. Right now I'm trying to set up SSL. On the server, I'm using the self-signed cert, and on the client, I'm using a cert issued by my company. And I'm trying to set up an SSL connection between them with these certs.

IIS is set up to require SSL, and I have a CTL with my company's root cert in it. I am fairly sure that the CDP servers are working correctly (and certutil -verify seems to confirm this), but whenever I try to connect from the client, the server quickly returns a 403.13 error. Just in case I'm not using certutil correctly, I used an ldap browser, went to the site, and opened the crl to confirm that my cert was not revoked.

I've been playing around with the metabase settings, and I currentl y have CertCheckMode set to 0. I also upped the RevocationURLRetrievalTimeout because the CRL is a little over 4 MBs.

So my question is, if my cert is valid and certutil can confirm this, why does IIS keep telling me that it can't check the CRL? Is there something else I can check for?

Thanks in advance.

I think I've figured out why I'm having these problems. There are different definitions for the RevocationFreshnessTime and RevocationURLRetrievalTimeout in IIS help, MS Techcenter, and MSDN.

I can't seem to get CertCheckMode="4" to work no matter what definition of the other variables I go by. But if I take everything out of the metabase, it will work.

Can someone definitively explain what the Revocation variables do? Or perhaps give me a better solution to the problem of working with a 4.1 MB CRL?

Sorry, I'm no help at all when it comes to certs, perhaps someone else can jump in.

Anyone?