def generate_and_sign_cert(req, pk, sign_key, issuer_cn, issuer_c):
pkey = req.get_pubkey()
sub = req.get_subject()
cert = X509.X509()
cert.set_serial_number(1)
cert.set_version(2)
cert.set_subject(sub)
t = long(time.time()) + time.timezone
now = ASN1.ASN1_UTCTIME()
now.set_time(t)
nowPlusYear = ASN1.ASN1_UTCTIME()
nowPlusYear.set_time(t + 60 * 60 * 24 * 365)
cert.set_not_before(now)
cert.set_not_after(nowPlusYear)
issuer = X509.X509_Name()
issuer.C = issuer_c
issuer.CN = issuer_cn
cert.set_issuer(issuer)
cert.set_pubkey(pkey)
ext = X509.new_extension('basicConstraints', 'CA:TRUE')
cert.add_ext(ext)
cert.sign(sign_key, 'sha256')
return cert, pk, pkey
