Not quite sure what you mean, but for the record, as a general rule CAs do not generate keys. They just sign the public keys coming in as Certificate Signing Requests. Without ever seeing the accompanied private key.