Call SCEP services with the renew operation
You can only renew when:
The certificate is inside the renewal window set in the certificate profile.
The renewal request is signed with the private key (in DER format) used by the originally issued certificate (e.g. device.der.key).
The same SubjectDN fields are included within the CSR. You can use the original CSR (re-use the same public key), or you can generate a new CSR (new public key) if the same SubjectDN fields are included.
java -jar ./DigicertScepClient.jar -url <scep-url> -operation renew -cert out/device.der.cer -key device.der.key -csr device.der.csr