Is there any reason you weren't using an Enterprise CA with certificate templates? All of the configurations you were adding to your INF file could be specified in a certificate template. To create the template, start by duplicating the "Workstation" or "Web Server" template since the enrollee is a computer. You could grant the target servers enroll permissions on that template.
Then, you can get certs using pure PowerShell (Administrative, since the key gets created in the machine store):
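```powershell
# Resolve this machine's fully qualified DNS name
$fqdn = [System.Net.Dns]::GetHostByName($env:COMPUTERNAME).HostName
# Enroll against the template; the key pair is created in the machine store
Get-Certificate -Template SharePointSts -CertStoreLocation Cert:\LocalMachine\My -DnsName ($fqdn, 'server1')
```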
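
One way to confirm that the enrollment above produced the certificate you asked for (an added example, not part of the original answer). It reuses the answer's `SharePointSts` template and `server1` alias; the particular checks (enrollment status, requested DNS names present, private key present) are this example's own choice.

```powershell
#Requires -RunAsAdministrator
# Added example. Template name and 'server1' alias are taken from the answer above.
$template = 'SharePointSts'
$fqdn     = [System.Net.Dns]::GetHostByName($env:COMPUTERNAME).HostName
$dnsNames = @($fqdn, 'server1')

$result = Get-Certificate -Template $template -CertStoreLocation Cert:\LocalMachine\My `
                          -DnsName $dnsNames -ErrorAction Stop

# Get-Certificate returns an enrollment result; only 'Issued' carries a certificate.
# 'Pending' means the request is waiting for approval on the CA.
if ($result.Status -ne 'Issued') {
    throw "Enrollment did not complete (status: $($result.Status))."
}

# Re-read through the Cert: provider so DnsNameList and EnhancedKeyUsageList are populated.
$cert = Get-Item -Path ("Cert:\LocalMachine\My\{0}" -f $result.Certificate.Thumbprint)

# The CA decides what is issued, so compare the names in the certificate
# with the names that were requested (comparison is case-insensitive).
$issuedNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
$missing     = @($dnsNames | Where-Object { $_ -notin $issuedNames })

$problems = @()
if ($missing.Count -gt 0)     { $problems += "Missing DNS names: $($missing -join ', ')" }
if (-not $cert.HasPrivateKey) { $problems += 'No private key associated with the certificate' }

# Summary for the operator or a deployment log
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    Subject    = $cert.Subject
    DnsNames   = $issuedNames -join ', '
    EKU        = ($cert.EnhancedKeyUsageList | ForEach-Object { $_.FriendlyName }) -join ', '
    NotAfter   = $cert.NotAfter
}

if ($problems.Count -gt 0) {
    throw "Issued certificate failed checks: $($problems -join '; ')"
}
```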