When "enrolled" to an identity, you get the certificates and private keys that are associated with it. And, when "registered" to the identity, you create the user name and password for that identity by leveraging the CA server.
Certificates generated by the cryptogen tool are somewhat similar to the ones generated by Fabric CA. It should not be used in a live / production environment. Inherently, the cryptogen tool actually spins up Fabric CA servers on a local level.
The link to the latest documentation for Fabric CA: