Is it possible to fully sign an X509 certificate in Python?
Almost certainly, but I don't think there are existing pure Python implementations. The closest I could find is oscrypto , but the availability of the X509 certificate signature depends on the availability of the ctypes module.
The author also wrote a module called certbuilder , which claims to be a "Python library for generating and signing X.509 certificates", but it depends on the oscrypto module.
However, the real question sounds more like ...
Can I sign an X509 certificate in the standard Python environment for the Google App Engine?
In this case, the oscrypto module probably will not help, because, according to the documents, the environment does not allow the use of the ctypes module.
You have access to the PyCrypto module, and although there is a Python example for reading an X509 certificate using it and a C ++ Example for checking an X509 certificate, Python bindings do not seem to have full support for ASN.1 encoding and decoding. You can combine PyCrypto with asn1crypto by the same author as oscrypto to fully support ASN.1.
If none of these solutions are used, then either the GAE Python Flexible Environment or the GAE Custom Runtime should allow you to install the PyOpenSSL package, but you need to contact technical support to find out.