SCEP
The SCEP renewal process differs significantly from the standard renewal process.
To initiate the renewal process in the first step, the client sends a request to the SCEP server.
The SCEP renewal request is a PKCS7 signed message by the previous certificate (the certificate being renewed). The server verifies the signature and message type of the SCEP request, either RENEWAL_REQ or PKCS_REQ are allowed.
The rest of the process follows the standard renewal flow.