Vault PKI issue certificate for Vault listener address

Did anyone try to use Vault PKI for issuing certificates for Vault https listener?
I assume the way to do it is to start with tls_disable=1, than create the PKI, then update the listener certificates.
Does it make sense even to do that?