• To generate a PKI certificate for SSH sessions, you'll first need to create a key pair using tools like ssh-keygen.
• Then, you'll use a Certificate Authority (CA) to sign the public key of your key pair, creating a signed certificate.
• Finally, you'll configure your SSH client and server to use this certificate for authentication.

Thanks

@Trevor The creation of digital certificates ( PKI ) by Certificate Authorities (CAs) fundamentally involves these steps:

1. A user first generates a public-private key pair.
2. Next, the user submits a Certificate Signing Request (CSR) to a CA, which includes their public key and identifying information.
3. The CA then verifies the user's identity, potentially with assistance from a Registration Authority (RA).
4. Upon successful validation, the CA issues a digital certificate. This certificate contains the user's public key and identifying details and is digitally signed using the CA's private key.
5. Finally, for secure communication, a sender can encrypt data using the recipient's public key found in the certificate, and the recipient can decrypt it with their corresponding private key.

here you can use this command to generate the key pairs :  

ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa

-t rsa  : to use the RSA algorithm for the key generation.
-b 2028 :  to create an RSA key with a bit length of 2048 bits.