@laolu, yes, this integration is possible with Azure Key Vault. But the flow depends on the external CA. Azure Key Vault can be integrated with external CAs for generating private certs using private keys. Here are the two different flows involved, depending on the partnership.
1. Creating a certificate with a Certificate Authority that is partnered with Key Vault:
DigiCert and GlobalSign are officially partnered with Azure Key Vault, and here is how the cert creation flow takes place:
Summary: Here, Key Vault communicates directly with the external partnered CAs and creates the certificate.
2. Creating a certificate with a CA not partnered with Key Vault:
This method allows working with other CAs than Key Vault's partnered providers, meaning your organization can work with a CA of its choice.
Summary: Here, Key Vault will not directly interact with the external CA; instead, your application sends the CSR (Certificate Signing Request) to the chosen CA and receives the certificate.
Ref: https://learn.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios
----------
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
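
The second flow (CA not partnered with Key Vault) sketched with the Azure CLI, as an added example that is not part of the original answer. The helper names (`policy_json`, `csr_to_pem`, `request_csr`, `merge_signed`), the vault name, certificate name and subject are hypothetical placeholders, and it assumes Key Vault returns the pending CSR as base64 without PEM armor.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): certificate from a CA that
# is not partnered with Key Vault. The private key is generated in, and
# stays in, the vault; only the CSR leaves it.

# Emit a certificate policy. ISSUER is "Unknown" when Key Vault does not talk
# to the CA (flow 2); for a partnered CA (flow 1) it would be the name of an
# issuer object already configured in the vault.
policy_json() {  # usage: policy_json ISSUER SUBJECT
  cat <<EOF
{
  "issuerParameters": { "name": "$1" },
  "keyProperties": { "keyType": "RSA", "keySize": 2048, "exportable": false, "reuseKey": false },
  "secretProperties": { "contentType": "application/x-pkcs12" },
  "x509CertificateProperties": { "subject": "$2", "validityInMonths": 12 }
}
EOF
}

# Wrap a base64 CSR read from stdin in PEM armor, 64 characters per line,
# which is the form most CA submission portals and APIs accept.
csr_to_pem() {
  printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----'
  tr -d '\r\n' | fold -w 64
  printf '\n%s\n' '-----END CERTIFICATE REQUEST-----'
}

# Step 1: create a pending certificate and save its CSR for the external CA.
request_csr() {  # usage: request_csr VAULT NAME SUBJECT OUTFILE
  local policy
  policy=$(mktemp)
  policy_json Unknown "$3" > "$policy"
  az keyvault certificate create --vault-name "$1" --name "$2" \
    --policy "@$policy" > /dev/null
  az keyvault certificate pending show --vault-name "$1" --name "$2" \
    --query csr -o tsv | csr_to_pem > "$4"
  rm -f "$policy"
}

# Step 2 happens outside Key Vault: submit OUTFILE to the chosen CA.

# Step 3: merge the certificate the CA issued with the pending key pair.
merge_signed() {  # usage: merge_signed VAULT NAME SIGNED_CERT_FILE
  az keyvault certificate pending merge --vault-name "$1" --name "$2" --file "$3"
}

# Example (placeholders):
#   request_csr my-vault my-cert "CN=app.example.test" app.csr
#   merge_signed my-vault my-cert signed-by-ca.cer
```

Until `merge_signed` runs, the certificate stays in a pending state in the vault and cannot be used by applications.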