Certificate and health check

  • Published on Mar 14, 2025
  • 2 minute(s) read
Prev Next

Traceable Edge Deployment ensures secure communication by supporting SSL/TLS certificates for encrypted traffic between clients, Cloud WAAP, and the origin. Certificate management is crucial for maintaining data integrity, authentication, and privacy.

Before You Begin

Before sharing your SSL/TLS certificate with Traceable, ensure:

  • The private key is not password-protected.

  • The certificate is in PEM format.

  • The certificate chain (intermediate certificate) is included, if applicable.

Uploading Certificates to Traceable WAAP

  • If WAAP directly receives HTTPS traffic, you must upload a TLS certificate.

  • If a third-party CDN or gateway handles TLS termination, uploading a certificate to Traceable WAAP is optional.

Steps to share certificates with Traceable

  1. Contact Traceable Customer Support for secure certificate sharing.

  2. Provide the certificate and private key in PEM format.

  3. Verify that WAAP correctly applies the certificate for secure communication.

Supported certificate formats

  • Format: Only PEM-formatted certificates are supported.

  • Key Algorithms: RSA 2048, RSA 4096.

FAQ

  1. Do I need to upload a certificate if I am using a CDN?

  • Certificate upload is optional if your CDN (AWS CloudFront, Cloudflare, Akamai, etc.) handles TLS termination.

  • If WAAP directly processes HTTPS traffic, a TLS certificate is required.

  1. What happens if my certificate expires?

  • Expired certificates may cause HTTPS traffic failures.

  • Set up automated reminders to replace certificates before expiration.

  1. Can I use self-signed certificates?

  • Yes, but self-signed certificates should be used in internal or non-production environments.

Health Checks and Monitoring

Traceable Cloud WAAP is fully managed, ensuring high availability and reliability. Dedicated endpoints allow you to monitor WAAP's health.

Checking WAAP Health and Status

You can verify WAAP availability via a Health Check URL assigned to their domain:

Health Check URL Format:
https://customer.waap.traceable.ai/traceableai/health

  • 200 OK Response: WAAP is healthy and operational.

  • Non-200 Response: Service disruption may be occurring.

Traffic flow during outages

1. Partial WAAP Node Failure (Regional Outage)

  • Traffic is automatically rerouted to the nearest healthy WAAP node.

  • No impact on your traffic unless a global failure occurs.

2. Full WAAP Outage (Global Outage)

  • All incoming traffic is blocked to prevent unauthorized access.

  • You should implement backend failover strategies (for example, DNS failover to bypass WAAP if necessary).

Failover and traffic handling

  • Automated Traffic Rerouting – Requests are forwarded to the nearest available WAAP node.

  • Policy Enforcement Continuity – Security policies remain active during failover.

  • Backend Protection Maintained – Direct traffic to the origin is not permitted to ensure security compliance.

Customer actions during downtime

  1. Check WAAP Health Check URL

    • If 200 OK, WAAP is operational.

    • If non-200, investigate service disruptions.

  2. Verify Origin Server Health

    • Ensure backend servers are operational.

  3. Contact Traceable Support

    • If WAAP is down, reach out for assistance.

FAQ

  1. Can I bypass WAAP and send traffic directly to my origin?

  • No. WAAP is a mandatory security layer. Traffic cannot bypass WAAP unless DNS is reconfigured manually.

  1. What happens if a WAAP node goes down?

  • Traffic is automatically rerouted to another healthy WAAP node.

  • Application availability remains unaffected unless a global failure occurs.

  1. How do I monitor WAAP availability?

  • Use the Health Check URL for real-time monitoring.

  1. Can I manually configure failover settings?

  • No. Failover is fully automated and managed by Traceable AI.

  1. What should I do if WAAP is down?

  • Check the Health Check URL for real-time status.

  • Contact Traceable Support for resolution.