This is not a Cisco product related, but in case someone can confirm I'd appreciate it:
Imagine from a web server (let's say the Microsoft IIS web server thing) you generate a "certificate request" and submit that to the CA (Certificate Authority, Verisign for example).
Then Verisign process your request and send you the certificate via e-mail and then you install that certificate on the web server Microsoft IIS web server.
The certificate that Verisign sent over e-mail is (or contain) the public key, correct?
How about the private key? Was that private key generated when such "certificate request" was processed at the very first step in the Microsoft web server, correct?