A server can use a self-signed certificate to identify itself. Clients then have to trust this certificate when they connect or use the server's service.

In PKI infrastructure you normally don't have the CA generate the key-pair unless its the root certificate. Clients and intermediate CAs will generate their own key-pair and use the CSR to have the root certificate sign it. A CA doesn't generate certificates itself because then how can you trust that the CA hasn't kept the private key for itself. This breaks down the PKI infrastructure.

CAs like Symantec/Verisign or GoDaddy generally don't offer services to generate the key-pair for you. Due to reasons in the previous paragraph. You send them a CSR with the information for your certificate to be signed.

See my answer here for more details.

A server can use a self-signed certificate to identify itself. Clients then have to trust this certificate when they connect or use the server's service.

In PKI infrastructure you normally don't have the CA generate the key-pair unless its the root certificate. Clients and intermediate CAs will generate their own key-pair and use the CSR to have the root certificate sign it. A CA doesn't generate certificates itself because then how can you trust that the CA hasn't kept the private key for itself. This breaks down the PKI infrastructure.

CAs like Symantec/Verisign or GoDaddy generally don't offer services to generate the key-pair for you. Due to reasons in the previous paragraph. You send them a CSR with the information for your certificate to be signed.

See my answer here for more details.

A server can use a self-signed certificate to identify itself. Clients then have to trust this certificate when they connect or use the server's service.

In PKI infrastructure you normally don't have the CA generate the key-pair unless its the root certificate. Clients and intermediate CAs will generate their own key-pair and use the CSR to have the root certificate sign it. A CA doesn't generate certificates itself because then how can you trust that the CA hasn't kept the private key for itself. This breaks down the PKI infrastructure.

CAs like Symantec/Verisign or GoDaddy generally don't offer services to generate the key-pair for you. Due to reasons in the previous paragraph. You send them a CSR with the information for your certificate to be signed.

A server can use a self-signed certificate to identify itself. Clients then have to trust this certificate when they connect or use the server's service.

In PKI infrastructure you normally don't have the CA generate the key-pair unless its the root certificate. Clients and intermediate CAs will generate their own key-pair and use the CSR to have the root certificate sign it. A CA doesn't generate certificates itself because then how can you trust that the CA hasn't kept the private key for itself. This breaks down the PKI infrastructure.

CAs like Symantec/Verisign or GoDaddy generally don't offer services to generate the key-pair for you. Due to reasons in the previous paragraph. You send them a CSR with the information for your certificate to be signed.

See my answer here for more details.