Hi Sam, In general I'd tend to agree that setting the certs to 1970 was a bad idea, for one thing none of your logs will match up so troubleshooting will be come difficult. You may want to consider CRL implications - currently I don't think Mikrotik implements any CRL checking except for SSL VPN, but at the rate Mikrotiks developers work that may change in the near future.
Time wise, its basically NTP, unless you want to consider adding a GPS to all of your nodes. If your devices are in one place then it might make sense to have one or two mikrotiks act as a NTP time source for the rest. If you have a hub and spoke model then perhaps the hub could provide the time source for the spokes?
Russ