OCSP and CRL implementation? #968
Description
Hi,
I have tried to understand the data flow and how to actually implement OCSP and CRL with cfssl.
There are at least 4 commands related to OCSP:
ocsprefresh
ocspsign
ocspdump
ocspserve
ocspserve is easy, that will run in the end, after valid ocsp data has been generated.
What is the flow for the other components? This is what I think should happen:
ocsprefresh and ocspsign run every X minutes in some kind of cron or some other trigger
ocspdump is used to export data to be used with ocspserve
Are there any design documents available? High level flows or anything?
One other question related to this is related to gencrl: it requires an input file with one serial number per line.
Is gencrl totally unrelated to the revoke database entries that ocsp and revoke are using?