Nessus scans by certificate

Hi,

We have a requirement to scan some Linux machines via certificates and NOT use a root level account that can log in locally to perform the scans. I'd ask this on Tenables site but I don't have an account handy. As I have read the best guess I have is we use credentialed scans and put the public key of the Nessus server on the machine to be scanned and add the account to use and passphrase. Tell me if I am wrong.

The other part of this is where do I put the certificate on the Nessus machine and on the client machine (Red Hat and Ubuntu clients).

I am relatively new to Linux so ANY help would be appreciated.

...alan