Michael,
That very well could be. And yes, it is unlikely you need a different client. Certificates may cause problems. The Certificate revocation list is provided by a CA to give an access point for devices to check if the cert they are using has been revoked.
As the KBA mentions although it may be unclear, you can open the certificate and going to its properties. On the Details tab, there is a list of crl points as shown in the screenshot.
For step 3, you would open your IIS manager on the CA server. Click on Mime types, find .crl in that list and make sure it is application/pkix-crl.
You can actally use the browser on the device to make sure you can hit the URL in the details tab (or file location)
The following KBA may assist as well.
Http://service.sap.com/sap/support/notes/2118600
And for the rest of the steps http://service.sap.com/support/notes/2083086
Tracy
