Creates a new key pair (public and private) and allows to send the public part to a certification authority (CA) for signing. The resulting certificate is then sent back to you, or stored in an LDAP server for you to download into your local keybox, where you can use it to sign and decrypt mails.
This mode of operation is called “decentralized key generation”, since all keys are created locally. Kleopatra (and GpgSM) do not support “centralized key generation” directly, but you can import the public/secret key bundle that you receive from the CA in PKCS#12 format via -> (Ctrl+I) .
Searches for, and imports, certificates from certificate servers into the local keybox. See