The fix....
Just in case anyone gets caught out on this who have done a recent installtion of PKI:
http://technet.microsoft.com/en-us/library/cc770945.aspx
By allowing "Enable NONCE extensions support" you allow an OCSP check to get processed properly.
Note now my linux systems can do a OCSP check successfully - I guess at CPPMs heart lies a linux server, as most of the stuff is nowadays.
I have more detail I can post up if anyone wants me to, regarding the certutil OCSP validatoin check the MicrosoftCryptoAPI and the openssl method fi you want.
Hope it saves you guys some time if you end up in the same boat.