Signing an x509 certificate without direct access to private key (stored in aws kms/hsm)

I want to sign an X509 certificate whose keys I cannot access directly(stored in KMS/HSM). I thought of a way to sign the certificate with any random private key so that the certificate can be generated successfully, after that, I can pass the payload of the certificate to the KMS/HSM for signing, and the signature that will be given will be set in the previously created certificate. But I am not able to do so. Can someone help me how to achieve this with the java code?

How many English words
do you know?
Test your English vocabulary size, and measure
how many words do you know
Online Test
Powered by Examplum