A certificate to be used for authenticating the SSHUser.
SSHClientCert must contain a valid private key in order to use public key authentication. A public key is optional, if one is not included then the provider generates it from the private key. The provider sends the public key to the server and the connection is allowed if the user has authorized the public key.
Some types of key stores are containers which may include multiple keys. By default the provider will select the first key in the store, but you can specify a specific key using SSHClientCertSubject.