To request a certificate for MAC and Linux:
– SCEP ===> MAC compatible. linux: problem: client SCEP ?
or
– request a certificate from Linux, MAC using openssl

Principle:

1) prepare the certificate request:

http://www.jamescoyle.net/how-to/1073-bash-script-to-create-an-ssl-certificate-key-and-request-csr

2) submit the certificate request to https://serverweb.mydomain.local/certsrv or using certutil windows command from a jump server (request manual approval or automatic approval; depending of the Windows certificate template settings

3) install the certificate issued with the full key chain (format .p7b) on Linux (Ubuntu):

https://help.ubuntu.com/lts/serverguide/certificates-and-security.html

https://myonlineusb.wordpress.com/2011/06/19/how-to-convert-certificates-between-pem-der-p7bpkcs7-pfxpkcs12/

To view the certificates chain:

openssl pkcs7 -in certnew.p7b -print_certs

To extract the .cer view the certificates chain:

openssl pkcs7 –print_certs –in certnew.p7b –out cert.cer

To convert a .cer into a .pfx:

openssl pkcs12 –export –out cert.pfx –inkey privatekey.key –in cert.cer –certfile cert.crt

Copy the .crt under /usr/share/ca-certificates

Sudo cp cert.crt /usr/share/ca-certificates/cert.crt

Update the certificate store (requires a .crt file, else it cannot pick up):

update-ca-certificates is a program that updates   the   directory /etc/ssl/certs to hold SSL certificates and generates certificates.crt,a concatenated single-file list of certificates. It reads the file /etc/ca-certificates.conf. Each line gives a pathname of a CA certificate under /usr/share/ca-certificates that should be trusted. Lines that begin with “#” are comment lines and thus ignored. Lines that begin with “!” are deselected, causing the deactivation of the CA certificate in question. Furthermore   all   certificates   found   below   /usr/local/share/ca-certificates are also included as implicitly trusted.

Sudo update-ca-certificates

 

for MAC: http://apple.stackexchange.com/questions/80623/import-certificates-into-system-keychain-via-the-command-line

Other resources:

http://blogs.technet.com/b/configmgrteam/archive/2013/04/05/how-to-create-and-deploy-a-client-cert-for-mac-independently-from-configmgr.aspx

http://www.whitneytechnologies.com/?p=218

http://www.unix.com/shell-programming-and-scripting/107305-shell-script-provide-answers-ssl-cert-request.html

 

Additionally: transforming .cer to .pem or vice-versa: https://www.sslshopper.com/ssl-converter.html

Cent OS authentication with AD but no kerberos (certificate only): http://htfdidt.blogspot.fr/2014/06/centos-6-with-active-directory.html