$amtFQDN = "amt.demo.com" 
$cn = "CN = " + $amtFQDN
$nullSignedPKCS10Request = new-object -com "X509Enrollment.CX509CertificateRequestPkcs10"
$dn = new-object -com "X509Enrollment.CX500DistinguishedName"
$serverAuthOID = new-object -com "X509Enrollment.CObjectId"
$publicKey = new-Object -com "X509Enrollment.CX509PublicKey"
# Initialize server OID.
$serverAuthOID.InitializeFromName("16") # 16 = RSA.
$publicKey.Initialize($serverAuthOID, $derKey, "", "1")
$nullSignedPKCS10Request.InitializeFromPublicKey(0x02, $publicKey, "WebServer") # 0x02 = ContextMachine.  
$dn.Encode($cn, "0")
$nullSignedPKCS10Request.Subject = $dn
# Add PKCS10 attributes as needed.
$objHash = new-object -com "X509Enrollment.CObjectId"
$objHash.InitializeFromAlgorithmName("1", "0", "0", "SHA256")
$nullSignedPKCS10Request.HashAlgorithm = $objHash
$nullSignedPKCS10Request.Encode()
$nullSignedPKCS10RequestDER = $nullSignedPKCS10Request.RawData("3")