Apologies for the delay in getting back to you - been bouncing around travelling.
So - regarding your question 1 (about the "public certificate")
==> This is a (public) CLIENT certificate that's used to authenticate with CBA (so - we're using certificate authentication). This has two purposes - one is "normal authentication" and the other is to control "which LANDesk server can control what clients". If I were to plug a VM LD-server into your network, you wouldn't want me to be able to willy-nilly control your clients ... I wouldn't be able to, unless you'd give me the private certificate.
======
LANDesk doesn't really use SSH in the way you mean. Our remote executions go through CBA8 (that's "Common Base Agent") -- essentially the process looks like this:
1 - Core pings client (to check it's alive and it's the right client)
2 - Authentication / handshaking takes place.
3 - Assuming the client is alive, & authentication is fine, Core sends the task details to the client. I.e. "Execute command 'mkdir /xyz' "
4 - Client executes the command.
Bit simplified, but you get the picture. There's no SSH certificate store or whatnot involved (we have to deal with boxes that don't even have SSH installed sometimes)... so we're relying on CBA8 (our own stuff) instead.
=========
I hope the above explanations help you with clarifying what our certificates get used for (i.e. - not SSH). So in this respect, you had the wrong idea, I think. The certificate *IS* necessary - it's just not used the way you thought it was.
Hope this helps / explains things.
- Paul Hoffmann