After an IIS6 server certificate renewal, all of the users using client certificates were getting the following error:
HTTP 403.16 Forbidden: Client certificate is ill-formed or is not trusted by the web server.
The solution was found in the following article: http://support.microsoft.com/default.aspx/kb/332077
The new server certificate was located only in the Personal store for the Computer account and not on the Trusted Root Certificates Authorities store of the same account.
Having followed the steps described in the article above everything turned to be ok.
I hope this helps!