(Tangentially related: I just found out Chrome, by default, doesn't handle certificate revocations correctly. Anyone using Chrome: if you haven't already, go into the advanced preferences and tick "Check for server certificate revocation". See Certificate Revocation and Heartbleed for more information.)
<sigh>
Cheers,
Scott.