**Context**
- ServiceNow version: Zurich
- Plugin: Certificate Inventory and Management (com.snc.certificate_inventory_mgmt)
- Role: ServiceNow Developer
- Use case: End-to-end automated certificate renewal lifecycle

**My current flow**
1. ServiceNow detects an expiring certificate (via Discovery / monitoring schedule).
2. A CSR is generated (Public Key + Private Key)
3. ServiceNow submits the CSR to the CA (ex: DigiCert) via REST API.
4. CA returns the signed certificate.
5. Up to this point, everything is automated within ServiceNow.

After step 4, I now have:
- The signed certificate returned from the CA
- The private key

**My question**
Is it possible - and considered best practice for ServiceNow (as a Developer)
to automatically deploy BOTH the signed certificate AND the private key to the
target server (e.g., a web server, load balancer, application server) to complete
the renewal?

Or is this "deploy to target server" step typically:
- Out of scope for ServiceNow Developer
- Handled by the IT Operations / Infrastructure team manually