The goal is to distribute an experiment wide certificate and private
key. At the moment this is just a self signed x509 certificate and the
accompanying rsa key. In PEM format. The same cert/key will be distributed
across multiple aggregates.
An openssh key pair can be trivially derived from the private key. Or the
public part can be derived from the certificate. A quick google will show
Initially, you will need to run tmcc directly to get them, using the
geni_certificate and geni_key commands.