I'm working within the Google App Engine (GAE) python 2.7 runtime.
I need sign (and potentially also generate) an X509 certificate (.csr)
I found several guides, that rely on
As I understand it, PyOpenSSL is is wrapper around OpenSSL and not available in App Engine.
Pycrypto is available, but does not have a clear pre-built signing method for X509.
How can I sign an X509 .csr using only python?
Can I sign an X509 certificate entirely in Python?
Almost certainly, but I don't think there are any existing pure Python implementations available. The closest I could find is
oscrypto, but being able to sign an X509 certificate depends on having the
ctypes module available.
The author has also written a module called
certbuilder, which claims to be a "Python library for generating and signing X.509 certificates", but it depends on the
However, the real question sounds more like...
Can I sign an X509 certificate on a Google App Engine Python Standard Environment?
In this case, the
oscrypto module probably won't help, since, according to the docs, the environment doesn't allow usage of the
You do have access to the
PyCrypto module, and although there is a Python example of reading an X509 certificate using it, and a C++ example of verifying an X509 certificate, the Python bindings don't seem to have complete support for encoding and decoding ASN.1. You might be able to combine
asn1crypto by the same author as
oscrypto for full ASN.1 support.
If none of these solutions are of any use, then either a GAE Python Flexible Environment or a GAE Custom Runtime ought to let you install the
PyOpenSSL package, but you'd have to contact their tech support team to find out.