You'll be completely protected... THIS time. OCSP and CRL checking are a joke if the browser doesn't refuse the connection should the OCSP or CRL services prove (or appear) to be offline. As far as I'm concerned all browsers should refuse connections when the certificate can't be verified, but browser makers are loath to do so because users would blame the browser for any problems they experience, and likely switch over to another with looser restrictions.
The setting can be found in: Google Chrome > Settings > Advanced settings > Security > Check server for revocation (or something along those lines.. I'm using a Dutch version)
possible duplicate of “security.OCSP.require” in Google Chrome
– Kez – 2011-03-24T11:44:35.330