Yes I did that, unfortunately, the documentation does not distinguish between private key and public key generation. And so I don't know what to tell my IT people. Clearly they were able to generate a pem, but they only generated one. It does contain the trust chain, but I have no way of know whether it is private or public