That is absolutely possible. In captivate, you'll set your publish settings to reflect the required grade and how many times they can take the quiz within the attempt (this will not mean if they retake it that it will show multiple tries in Moodle...this is in the scorm only) and whether to report pass/fail or incomplete/complete. If you want it to run really seamlessly, you could build the course backwards putting the last scorm in first and adding a link at the end of the preceeding module to it so it just opens the next one. This can be fiddly and I don't recommend it but it is possible. You can add links (or buttons) at the end to any activity, for that matter.
Basically, if you have three modules, you publish and upload #3. Take a link to #3 and add it to the end of #2. Publish #2 and load it to Moodle, copy the link. Add the link to #2 to the end of #1, publish it and load it to moodle. Set the activity settings to skip content structure page always for each one. This way the link opens the module directly rather than directing users to the Enter page. This may make things complicated if you want people to be able to make more than one attempt on the module (not the internal quiz but actual trackable attempts)--start fresh at the beginning and such. Like I said--I don't necessarily recommend it but it IS possible.
I'm assuming (I know, bad idea) you're using course completion. Make sure all the scorms have completion settings turned on.
Now for the certificate...once all of your modules are loaded and set the way you want, create your certificate and open up the Restrict Access option. You'll add a restriction set and add the three (or however many you have) scorms to the set requiring completion or passing (depending on what you want). I've had less that awesome experiences requiring passing scores (but if you require a grade for completion, a passing score is irrelevant--they complete if they passed, so...) but newer versions probably work better (I've spent a considerable amount of time on 2.5 and 2.8...still adjusting to new hotness!). Set the certificate to be invisible unless those conditions are true. Voila. It should work.