You might want to start a separate thread if you think you need information not covered by the questions/answers given here. But I will try and answer one of your questions:
What agent files are used?
[answer] First, we need to be mindful that the topic here is impersonation. And impersonation has two options (ssh is the default, and sudo). Within that context, I *believe* it does not use any agent files, like it does when it impersonates using sudo, because the agent isn't actually creating a sub/separate NolioAgent process (which initiates and runs in a similar context in terms of loading with jars, updating logs, files, etc..). In the default ssh mode it connects to the local machine using 127.0.0.1 and does what it needs to do in the shell environment provided by that users connection.
As for certificate authorization, I'm unclear on what is being asked.