Validating client certificate when handling a renewal request

[petitout]

[NecatiMeral]

Looking forward to this!

For enrollment requests, a challengePassword attribute of CSR is verified with the value known by the RA, while renewing certificates use their former certificate to authenticate RenewalReq messages.

So it should be possible to renew a certificate without the challenge (since it can be a one-time use only challenge).