Do it now. It will take you a minute if you’re slow, and there’s no downside to speak of:
The only downside to this extra checking is possibly a slight delay to perform the request the first time you go to a web site and when the cache expires. This should be less overhead than downloading a small image, so I’m not worrying about it.
I am very surprised that OCSP (online certificate status protocol) hasn’t been enabled by default in every version of OS X and Safari ever. I’m also surprised at how weak and uninformative the warning from Safari is.