WWW SSL
failure
1x weight
estimate
WWW SSL. certificate invalid, expired, or TLS handshake failing
[SSL] record layer failure (_ssl.c:1010)
Events
501
Pts per check
1.4
Pts missed
695.8
Teams hit
1/13
Authority mappings
Which work roles, knowledge units, and EWU courses this error pattern touches. Hover for context, click to drill in.
DCWF roles:
CE-463 Host Analyst
CS-521 Cyber Defense Infrastructure Support Specialist
CS-622 Secure Software Assessor
IT-451 System Administrator
SE-461 Systems Security Analyst
What the message means
Port 443 is accepting the TCP connection but TLS fails (expired cert, wrong CN, self-signed not trusted, or record-layer issue). At regional, only Boston University had meaningful WWW SSL uptime (69%). Any uptime is differentiation.
Why the service is down
- Certificate expired (most common).
- Certificate's CN (common name) doesn't match team<N>.ncaecybergames.org.
- Apache's SSL module not enabled or not loading the right cert.
- Bad cipher list or protocol version incompatibility.
Commands in order
-
1. 1. Show current cert and expiry
openssl x509 -in /etc/ssl/certs/server.crt -noout -dates -subject -issuerExpectnotBefore / notAfter dates; subject CN=team<N>.ncaecybergames.orgInterpret and nextExpired = regenerate. Wrong CN = regenerate with correct CN. -
2. 2. Regenerate a self-signed cert (quick win)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/ssl/private/server.key \ -out /etc/ssl/certs/server.crt \ -subj "/C=US/ST=WA/L=Spokane/O=EWU/CN=team<N>.ncaecybergames.org"ExpectGenerating a 2048 bit RSA private key; (no errors)Interpret and nextFile ownership must let Apache read them: `chmod 600 key, 644 crt`. -
3. 3. Restart Apache
systemctl restart apache2ExpectNo errors in `journalctl -u apache2 -n 20`Interpret and nextError about cert path or permissions = fix paths in ssl.conf. -
4. 4. Verify externally
curl -vk https://localhost/ 2>&1 | grep -E 'subject|issuer|SSL'ExpectSSL connection uses TLSv1.2+ with the new certInterpret and nextStill handshake fails: check `/etc/apache2/mods-enabled/ssl.conf` for bad SSLProtocol / SSLCipherSuite.
Decision tree
Answer each question to route to the right fix.
Q: Is there any cert at /etc/ssl/certs/server.crt?
Yes:
Q: Is it expired?
Yes:
Regenerate (step 2).
No:
Q: Does subject CN match team<N>.ncaecybergames.org?
Yes:
Inspect Apache ssl.conf. likely a protocol/cipher issue.
No:
Regenerate with correct CN.
No:
Generate one (step 2).
External references
Other patterns on this service
- 5,619.4 failure Failed to connect to host
- 1,954.2 timeout Timeout
- 448.6 failure [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1010)
- 354.2 failure [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.
- 338.9 failure [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.
- 52.8 failure admin was unable to login
- 2.8 partial admin was not able to create the student user student_27044152-07a8-49f0-9b14-9d6db3824c91
- 2.8 partial admin was not able to create the student user student_29fd905b-e6d2-4c85-a8d0-e0ae7029c47f