MDM Enrollment and Identity Certificate

During OTA enrollment of iOS devices (iPhone), I can send an MDM profile along with a PKCS12 identity certificate (for this test, I did not want to use SCEP). Therefore, this identity certificate is linked to the MDM management.

Is it possible to change the identity certificate afterwards without re-enrolling the device? I can push a new PKCS12 certificate using a dedicated profile installation command, but this embedded certificate will not be the one connected to the MDM enrollment. Updating the identity certificate can be required as the first identity certificate will expire oneday.