You need to create a CSR based on the key already created on the Nitrokey. If you get a cert from a CA (or signed the CSR yourself) you can import the cert via
pkcs15-init --store-certificate mycert.pem --id 3
The question is what you want the cert to be used for. Because if you would like to use an S/MIME cert, you surely want to decrypt messages as well? Only key slot 2 can be used for decryption (specification of OpenPGP Card v2), and thus you need to have the same key on both slots, 2 and 3, to ensure decryption and signing respectively.
Therefore, you normally need to choose if you want to use OpenPGP or S/MIME standard.
Thank you for your explanations. I thought to myself that with the S/MIME certificate and the PGP key, it would only be either or and not AND.
You want to know what I want to use the Nitrokey Start for? Well, primarily as a learning and training object and for documentation. I’m the pragmatist, I don’t just want to theoretically understand what’s going on, I also want to practically understand it. That’s why I ordered another one right away.
I just wanted to have a look at your use case to help with the tools. S/MIME can be a bit special with the Nitrokey, which is built with the OpenPGP standard in mind. If you want to use S/MIME email encryption as most people want, you would need to import a key into slot 2 and slot 3 and import the cert as well. This can be a hassle with the Nitrokey Start, but should generally work with current OpenSC (0.19).
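A check for the import step discussed in this thread, as an added example that is not part of the original posts: before running the `pkcs15-init --store-certificate` command quoted above, confirm that the certificate returned by the CA carries the same public key as the CSR made from the on-card key. The function names are hypothetical, and `selftest` uses a throwaway software key as a constructed stand-in for the key on the Nitrokey.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to store a certificate whose
# public key differs from the CSR that was generated for the on-card key.

# Print the SHA-256 of the DER public key in a PEM file.
# $1 = openssl subcommand (x509 for a cert, req for a CSR), $2 = file
pubkey_hash() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit 0 if cert ($1) and CSR ($2) hold the same public key,
# 1 if they differ, 2 if either file cannot be parsed.
cert_matches_csr() {
    cert_h=$(pubkey_hash x509 "$1") || return 2
    csr_h=$(pubkey_hash req "$2") || return 2
    [ "$cert_h" = "$csr_h" ]
}

# Store the cert on the token only after the key check passes.
# $1 = cert, $2 = CSR, $3 = slot id (the thread's command uses 3)
store_cert_if_matching() {
    if cert_matches_csr "$1" "$2"; then
        pkcs15-init --store-certificate "$1" --id "$3"
    else
        echo "refusing to store $1: public key does not match $2" >&2
        return 1
    fi
}

# Constructed sample data: software keys generated on the fly, never on a token.
selftest() {
    d=$(mktemp -d) || return 1
    openssl req -newkey rsa:2048 -nodes -keyout "$d/a.key" -subj "/CN=test-a" \
        -out "$d/a.csr" 2>/dev/null
    openssl x509 -req -in "$d/a.csr" -signkey "$d/a.key" -days 1 \
        -out "$d/a.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/b.key" \
        -subj "/CN=test-b" -days 1 -out "$d/b.pem" 2>/dev/null
    cert_matches_csr "$d/a.pem" "$d/a.csr" && ! cert_matches_csr "$d/b.pem" "$d/a.csr"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Usage would be `store_cert_if_matching mycert.pem mycert.csr 3`, where `mycert.csr` is an assumed name for the CSR file created from the on-card key.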