Can you create a self-signed certificate on the Azure Key Vault? Can the Azure Key Vault be your PKI?
Yes, you can create a self-signed certificate from Azure Key Vault. To create a self-signed certificate you can follow this Microsoft Documentation.
In the Type of Certificate Authority you can select Self-Signed Certificate as shown below:
You can also refer to this blog by Tsuyoshi Ushio for more details.
For the second part, it's also true that Azure Key Vault can be used, or is used, as a serverless/lightweight PKI.
You will need to activate the Managed HSM service on Azure Key Vault to use the functionality. You can follow this Microsoft Documentation for more details on the same.
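
The portal choice described in the answer (certificate authority type "Self-Signed Certificate") corresponds to a certificate policy whose issuer name is `Self`. The following Azure CLI sketch is an added example, not part of the original answer: the vault name, certificate name and subject are placeholders, and it assumes a logged-in `az` session and `openssl` on the path.

```shell
#!/usr/bin/env bash
# Added example: self-signed certificate in Azure Key Vault via the Azure CLI.
# All names passed to these functions are placeholders chosen by the caller.

# Print a certificate policy with issuer "Self" (i.e. self-signed).
# $1 = X.509 subject, $2 = validity in months (default 12)
make_self_signed_policy() {
  local subject="$1" months="${2:-12}"
  cat <<EOF
{
  "issuerParameters": { "name": "Self" },
  "keyProperties": {
    "exportable": false,
    "keyType": "RSA",
    "keySize": 2048,
    "reuseKey": false
  },
  "secretProperties": { "contentType": "application/x-pkcs12" },
  "x509CertificateProperties": {
    "subject": "${subject}",
    "validityInMonths": ${months},
    "keyUsage": [ "digitalSignature", "keyEncipherment" ]
  },
  "lifetimeActions": [
    { "trigger": { "daysBeforeExpiry": 30 },
      "action": { "actionType": "AutoRenew" } }
  ]
}
EOF
}

# Create the certificate, then check that issuer == subject on the result.
# $1 = vault name, $2 = certificate name, $3 = X.509 subject
create_self_signed_cert() {
  local vault="$1" name="$2" subject="$3" dir subj iss
  az keyvault certificate create --vault-name "$vault" --name "$name" \
    --policy "$(make_self_signed_policy "$subject")" >/dev/null || return 1
  dir="$(mktemp -d)" || return 1
  # Download only the public certificate; the private key stays in the vault.
  az keyvault certificate download --vault-name "$vault" --name "$name" \
    --file "$dir/cert.pem" --encoding PEM || return 1
  subj="$(openssl x509 -in "$dir/cert.pem" -noout -subject | sed 's/^subject= *//')"
  iss="$(openssl x509 -in "$dir/cert.pem" -noout -issuer | sed 's/^issuer= *//')"
  rm -rf "$dir"
  [ "$subj" = "$iss" ]   # succeeds only for a self-signed certificate
}
```

A call such as `create_self_signed_cert my-vault my-cert "CN=app.example.test"` returns success only if the issued certificate's issuer matches its subject. Setting `exportable` to `false` keeps the private key from being retrieved through the vault's secret endpoint.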