We are experiencing slowness because of SharePoint's STS certificate CRL checking. This is a known issue and there is a Microsoft workaround for it: https://support.microsoft.com/en-us/kb/2625048
The problem stems from the fact that the SharePoint server we have cannot connect to the Internet. Hence, Microsoft has a workaround asking us to import the SharePoint Root Authority to our Trusted Root Certification Authorities store. My concern with this approach is, if this machine is offline and we are importing a new Root Authority, how can we know if the root authority is still valid? How do we validate for revoked certificates?
I am no expert on certificates and root authorities. Hence, I am being a little extra paranoid about this solution. Are there any security drawbacks to this approach?
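
One way to inspect the root certificate before trusting it, as an added example that is not part of the original question or of the Microsoft article: it reports the identity, lifetime, revocation pointers and chain status of an exported `.cer` file. The file path is an assumption (a hypothetical location for the exported certificate).

```powershell
# Assumption: the SharePoint root certificate was already exported to this
# hypothetical path; adjust it to wherever the .cer file actually is.
$path = 'C:\Temp\SharePointRootAuthority.cer'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path

# Identity and lifetime. Compare the thumbprint out-of-band with the farm
# that produced the file before importing anything.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# A root certificate is self-issued: subject and issuer are the same name.
$selfIssued = ($cert.Subject -eq $cert.Issuer)
"Self-issued: $selfIssued"

# Does the certificate name any place to fetch revocation data from?
# 2.5.29.31 = CRL Distribution Points, 1.3.6.1.5.5.7.1.1 = Authority Info Access.
foreach ($oid in '2.5.29.31', '1.3.6.1.5.5.7.1.1') {
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq $oid }
    if ($ext) { "Extension $oid present:"; $ext.Format($true) }
    else      { "Extension $oid absent: no revocation source is published for it." }
}

# Build the chain using only locally cached revocation data, which is all an
# offline server can use. Before the import, UntrustedRoot is the expected status.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Offline
$chain.ChainPolicy.RevocationFlag =
    [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$built = $chain.Build($cert)
"Chain builds cleanly: $built"
$chain.ChainStatus | Format-Table Status, StatusInformation -AutoSize

# Is this exact certificate already in the machine's trusted root store?
$inStore = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
"Already in LocalMachine\Root: $([bool]$inStore)"
```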