--- a/src/sign.py	Tue Mar 08 11:12:06 2016 -0800
+++ b/src/sign.py	Wed Mar 09 11:27:23 2016 -0800
@@ -21,7 +21,7 @@
 #
 
 #
-# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 
 import getopt
@@ -33,6 +33,10 @@
 import sys
 import tempfile
 import traceback
+
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
 from imp import reload
 
 import pkg
@@ -47,7 +51,6 @@
 from pkg.client import global_settings
 from pkg.client.debugvalues import DebugValues
 from pkg.misc import emsg, msg, PipeError
-import M2Crypto as m2
 
 PKG_CLIENT_NAME = "pkgsign"
 
@@ -107,14 +110,16 @@
 
 def __make_tmp_cert(d, pth):
         try:
-                cert = m2.X509.load_cert(pth)
-        except m2.X509.X509Error as e:
+                with open(pth, "rb") as f:
+                        cert = x509.load_pem_x509_certificate(f.read(),
+                            default_backend())
+        except (ValueError, IOError) as e:
                 raise api_errors.BadFileFormat(_("The file {0} was expected to "
                     "be a PEM certificate but it could not be read.").format(
                     pth))
         fd, fp = tempfile.mkstemp(dir=d)
         with os.fdopen(fd, "wb") as fh:
-                fh.write(cert.as_pem())
+                fh.write(cert.public_bytes(serialization.Encoding.PEM))
         return fp
 
 def main_func():