Certificate validation should be enabled and revocation checking properly configured. If a CRL Grace Period is used, the grace period should be limited to a few days. Do not use the CRL Grace Period as a mechanism to work around a dysfunctional CRL infrastructure.