This exact thing happened about a decade ago, when someone released a tool called Serenity that allowed you to spoof your SteamID using recorded tickets. It was especially chaotic for the Garry's Mod community, since most servers have admin tools gated behind SteamID checks.
To protect against replay of the token associated with the certificate, simply challenge the client to sign the value specified by the server, e.g. random value + server ID.
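As an added illustration of that challenge-response idea (example code written for this thread, not from either commenter or from any Steam or Garry's Mod component), here is a minimal Python model of it. Assumptions: HMAC-SHA256 with a per-client key stands in for the signature the client's certificate key would produce, the server identifier `gmod-srv-01` and the SteamID strings are constructed sample values, and the verifier treats each nonce as single-use with a short lifetime.

```python
"""Challenge-response against recorded-ticket replay (added example, not from the thread).

The server challenges the client to sign (random nonce || server ID). A recorded
response cannot be replayed because every nonce is accepted at most once, is tied
to the SteamID it was issued to, expires quickly, and is bound to one server ID.
Assumption: HMAC-SHA256 with a per-client secret stands in for the real signature
primitive; a deployment would verify a signature against the certificate's key.
"""
import hashlib
import hmac
import secrets


def sign_challenge(client_key: bytes, nonce: bytes, server_id: bytes) -> bytes:
    """Client side: produce the response over the server-chosen nonce and server ID."""
    return hmac.new(client_key, nonce + server_id, hashlib.sha256).digest()


class ChallengeServer:
    """Server side: issues nonces and verifies single-use, time-limited responses."""

    def __init__(self, server_id: bytes, client_keys: dict, max_age: float = 30.0):
        self.server_id = server_id
        self.client_keys = client_keys   # steamid -> key (stand-in for the cert's public key)
        self.max_age = max_age           # seconds a challenge stays valid
        self.pending = {}                # nonce -> (steamid it was issued to, issue time)

    def issue_challenge(self, steamid: str, now: float) -> bytes:
        nonce = secrets.token_bytes(16)  # unpredictable, so it cannot be precomputed
        self.pending[nonce] = (steamid, now)
        return nonce

    def verify(self, steamid: str, nonce: bytes, response: bytes, now: float) -> bool:
        # Pop the nonce: a second presentation of the same response finds nothing.
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return False
        issued_to, issued_at = entry
        if issued_to != steamid or now - issued_at > self.max_age:
            return False
        key = self.client_keys.get(steamid)
        if key is None:
            return False
        expected = sign_challenge(key, nonce, self.server_id)
        return hmac.compare_digest(expected, response)


def run_scenarios() -> dict:
    """Exercise the legitimate flow and the replay/forgery cases a server must reject."""
    server_id = b"gmod-srv-01"                         # constructed sample server ID
    alice_key = secrets.token_bytes(32)                # constructed sample client key
    server = ChallengeServer(server_id, {"STEAM_0:1:1234": alice_key})
    results = {}

    # Legitimate login: fresh nonce, signed by the holder of the client key.
    nonce = server.issue_challenge("STEAM_0:1:1234", now=0.0)
    resp = sign_challenge(alice_key, nonce, server_id)
    results["fresh"] = server.verify("STEAM_0:1:1234", nonce, resp, now=1.0)

    # Replay: the same recorded (nonce, response) pair presented again.
    results["replay"] = server.verify("STEAM_0:1:1234", nonce, resp, now=2.0)

    # Response computed for a different server ID (cross-server reuse).
    nonce2 = server.issue_challenge("STEAM_0:1:1234", now=3.0)
    resp2 = sign_challenge(alice_key, nonce2, b"other-server")
    results["wrong_server"] = server.verify("STEAM_0:1:1234", nonce2, resp2, now=4.0)

    # Stale challenge: a valid response presented after the nonce expired.
    nonce3 = server.issue_challenge("STEAM_0:1:1234", now=10.0)
    resp3 = sign_challenge(alice_key, nonce3, server_id)
    results["stale"] = server.verify("STEAM_0:1:1234", nonce3, resp3, now=100.0)

    # Forgery: a response produced without the client's key.
    nonce4 = server.issue_challenge("STEAM_0:1:1234", now=11.0)
    resp4 = sign_challenge(secrets.token_bytes(32), nonce4, server_id)
    results["forged"] = server.verify("STEAM_0:1:1234", nonce4, resp4, now=12.0)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:12s} accepted={ok}")
```

Only the fresh exchange is accepted; the replayed, cross-server, expired and forged responses all fail. The single-use nonce table is what defeats a recorded ticket, and binding the server ID into the signed value is what stops a response captured against one server from being presented to another.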