AI-Assisted Windows Certificate Management with Ansible Automation Platform

Aubrey recently put together a great demo showing how Ansible Automation Platform can automate Windows IIS certificate rotation while using AI to make context-aware decisions before taking action.

Rather than automatically rotating every expiring certificate, the workflow uses Event-Driven Ansible to detect an upcoming expiration and then leverages an LLM to evaluate factors such as business conditions, maintenance windows, IIS dependencies, and change freezes. Based on that analysis, the automation can:

  • Rotate the certificate immediately
  • Schedule the rotation for an upcoming maintenance window
  • Escalate the request to ServiceNow when automation shouldn’t proceed

The demo also walks through the full remediation process, including connecting to Windows over WinRM, updating IIS HTTPS bindings, removing the old certificate, verifying the new certificate, and automatically updating the ITSM ticket with the results.

It’s a nice example of using AI as a decision-support layer while keeping Ansible responsible for the actual automation and maintaining an auditable workflow.

:movie_camera: Watch the demo here:

I’m curious how others are approaching certificate lifecycle management. Are you fully automating rotations today, or do you still require manual approval before changes are made in production?