Wanted to also add:
This is happening to most clients (hundreds) at sporadic times. Problem is - their administrators always push windows updates, so i don't know if a windows update caused this a few months ago, network changes, etc. I have done the obvious by deleting certs and adding them back in the browser, clearing SSL state, but nothing fixes the problem. Also - the user(s) have very little admin rights on their PC, so they can't go into trusted sites, etc. I do know that our domain is listed in the trusted sites location. It has always worked fine for the last 10 years before a few months ago. We have very little visibility on the network or admin configuration on their PC's......
Jason