This example was written for the article "Using iText 7 and AWS KMS to digitally sign a PDF document" and shows how to generate a self-signed certificate for testing purposes, which you can use with an AWS KMS Key Pair.

For production purposes however, you'll usually want to use a certificate signed by a trusted Certificate Authority (CA). You can do this in a similar way to that shown in this example, by creating and signing a certificate request for your AWS KMS public key, sending it to your CA of choice, and getting back the certificate to use from them.

Note: The article assumes that you have stored your credentials in the default section of your ~/.aws/credentials file and your region in the default section of your ~/.aws/config file. Otherwise, you'll have to adapt the KmsClient instantiation or initialization in the code examples written for this article.

For the other examples relating to this article, please see the following links: