def generate_and_sign_cert(req, pk, sign_key, issuer_cn, issuer_c): pkey = req.get_pubkey() sub = req.get_subject() cert = X509.X509() cert.set_serial_number(1) cert.set_version(2) cert.set_subject(sub) t = long(time.time()) + time.timezone now = ASN1.ASN1_UTCTIME() now.set_time(t) nowPlusYear = ASN1.ASN1_UTCTIME() nowPlusYear.set_time(t + 60 * 60 * 24 * 365) cert.set_not_before(now) cert.set_not_after(nowPlusYear) issuer = X509.X509_Name() issuer.C = issuer_c issuer.CN = issuer_cn cert.set_issuer(issuer) cert.set_pubkey(pkey) ext = X509.new_extension('basicConstraints', 'CA:TRUE') cert.add_ext(ext) cert.sign(sign_key, 'sha256') return cert, pk, pkey