At this time, the CRL endpoint returns a JSON response as expected. It would be nice if it could also return raw response so that CFSSL can be used as a CRL Distribution Point in addition to being a OCSP responder.

A simple implementation would be adding a query parameter called "raw". When true the response header Content-Type is set to "application/pkix-crl" and browsers and other legacy applications can download a CRL file.

If a query parameter in the CRL Distribution Point URL is believed to cause issues, a separate endpoint can be developed that does not require query parameters.