Some CAs offer a "service" that will generate the key and sign it for you. So you just follow the CA's wizard and never generate a key locally.
I saw a sorta tech-savvy person doing this and they didn't see anything wrong with it. It's yet another thing that CAs should not be allowed to do but get away with anyways.
Most people setting up web pages simply have no idea what's going on with a CSR. It's all some weird files to them. Most of them probably think the key is included in the certificate the CA sends you.
I saw a sorta tech-savvy person doing this and they didn't see anything wrong with it. It's yet another thing that CAs should not be allowed to do but get away with anyways.
Most people setting up web pages simply have no idea what's going on with a CSR. It's all some weird files to them. Most of them probably think the key is included in the certificate the CA sends you.