SCEP

The SCEP renewal process differs significantly from the standard renewal process.

To initiate the renewal process in the first step, the client sends a request to the SCEP server.

The SCEP renewal request is a PKCS7 signed message by the previous certificate (the certificate being renewed). The server verifies the signature and message type of the SCEP request, either RENEWAL_REQ or PKCS_REQ are allowed.

The rest of the process follows the standard renewal flow.