Such workflows are possible with python-pkcs11 and asn1crypto, but not possible with cryptography 41.x. Issue raised: https://github.com/pyca/cryptography/issues/9467. The enhancement will be shipped in cryptography 42.0. Then this component can add support for RSA PSS signing algorithms for the CSR.
AWS IoT Core recently added support for RSA PSS signing algorithms: https://aws.amazon.com/about-aws/whats-new/2023/07/aws-iot-core-new-certificate-signing-key-generation-algorithms/
This allows for workflows such as:
Such workflows are possible with python-pkcs11 and asn1crypto, but not possible with cryptography 41.x. Issue raised: https://github.com/pyca/cryptography/issues/9467. The enhancement will be shipped in cryptography 42.0. Then this component can add support for RSA PSS signing algorithms for the CSR.