In some environments, user authentication keys can be signed in turn by a ‘certifying authority’ (‘CA’ for short), and user accounts on an SSH server can be configured to automatically trust any key that's certified by the right signature.
This can be a convenient setup if you have a very large number of servers. When you change your key pair, you might otherwise have to edit the authorized_keys file on every server individually, to make them all accept the new key. But if instead you configure all those servers once to accept keys signed as yours by a CA, then when you change your public key, all you have to do is to get the new key certified by the same CA as before, and then all your servers will automatically accept it without needing individual reconfiguration.
To get your key signed by a CA, you'll probably send the CA the new public key (not the private half), and get back a modified version of the public key with the certificate included.
If you want to incorporate the certificate into your PPK file for convenience, you can use the ‘Add certificate to key’ menu option in PuTTYgen's ‘Key’ menu. This will give you a single file containing your private key and the certificate, which is everything you need to authenticate to a server prepared to accept that certificate.
To remove the certificate again and restore the uncertified PPK file, there's also a ‘Remove certificate from key’ option.
(However, you don't have to incorporate the certificate into your PPK file. You can equally well use it separately, via the ‘Certificate to use with the private key’ option in PuTTY itself. See section 4.22.2. It's up to you which you find more convenient.)
When the currently loaded key in PuTTYgen contains a certificate, the large ‘Public key for pasting’ edit box (see section 8.2.12) is replaced by a button that brings up an information box telling you about the certificate, such as who it certifies your key as belonging to, when it expires (if ever), and the fingerprint of the CA key that signed it in turn.
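The same details can be read from the certificate the CA sends back, before you add it to your key. The following is an added example, not part of PuTTY or its documentation: it assumes the CA returns a one-line OpenSSH-format Ed25519 certificate, and the sample certificate and every name and value in it are constructed. It only reads the fields; it does not verify the CA's signature.

```python
import base64, hashlib, struct
from datetime import datetime, timezone

def read_string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def when(ts):
    # 0 means "no start"; 2**64-1 means "never expires"
    return None if ts in (0, 2**64 - 1) else datetime.fromtimestamp(ts, timezone.utc)

def describe_cert(line):
    """Summarise an OpenSSH Ed25519 certificate line; does NOT verify the signature."""
    blob = base64.b64decode(line.split()[1])
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-ed25519-cert-v01@openssh.com":
        raise ValueError("this example handles Ed25519 certificates only")
    for _ in range(2):  # nonce, then the certified public key
        _, off = read_string(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off); off += 12
    key_id, off = read_string(blob, off)
    plist, off = read_string(blob, off)
    after, before = struct.unpack_from(">QQ", blob, off); off += 16
    for _ in range(3):  # critical options, extensions, reserved
        _, off = read_string(blob, off)
    ca_key, off = read_string(blob, off)
    principals, p = [], 0
    while p < len(plist):  # the principals field is itself a list of strings
        name, p = read_string(plist, p)
        principals.append(name.decode())
    fp = base64.b64encode(hashlib.sha256(ca_key).digest()).decode().rstrip("=")
    return {"type": {1: "user", 2: "host"}.get(ctype, "unknown"),
            "key_id": key_id.decode(), "serial": serial, "principals": principals,
            "valid_after": when(after), "valid_before": when(before),
            "ca_fingerprint": "SHA256:" + fp}

def pack(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample: placeholder key and signature bytes, not a real certificate.
CA_KEY = pack(b"ssh-ed25519") + pack(b"\x02" * 32)
SAMPLE = "ssh-ed25519-cert-v01@openssh.com " + base64.b64encode(
    pack(b"ssh-ed25519-cert-v01@openssh.com") + pack(b"\x00" * 32) + pack(b"\x01" * 32)
    + struct.pack(">QI", 7, 1) + pack(b"alice-laptop") + pack(pack(b"alice"))
    + struct.pack(">QQ", 0, 1893456000) + pack(b"") * 3 + pack(CA_KEY) + pack(b"\x00" * 64)
).decode() + " alice@example"
```

Compare the reported CA fingerprint with the one your CA publishes, and check that the principals and expiry are what you asked for.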