NCAE Mapping Hub
Overview Scoreboard Data Roles Exercised Checklists Lessons Skill Drills Practice Terminal Progress
WWW SSL failure 1x weight estimate

WWW SSL. certificate invalid, expired, or TLS handshake failing

[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1010)
Events
323
Pts per check
1.4
Pts missed
448.6
Teams hit
1/13

Authority mappings

Which work roles, knowledge units, and EWU courses this error pattern touches. Hover for context, click to drill in.

DCWF roles: CE-463 Host Analyst CS-521 Cyber Defense Infrastructure Support Specialist CS-622 Secure Software Assessor IT-451 System Administrator SE-461 Systems Security Analyst
Knowledge Units: CD-ACR Advanced Cryptography CD-BCY Basic Cryptography CD-OSA Operating Systems Administration CD-WAS Web Application Security CO-M7 Applied Cryptography
EWU courses: CSCD212 CSCD379 CSCD380 MATH231 MATH380

What the message means

Port 443 is accepting the TCP connection but TLS fails (expired cert, wrong CN, self-signed not trusted, or record-layer issue). At regional, only Boston University had meaningful WWW SSL uptime (69%). Any uptime is differentiation.

Why the service is down

Commands in order

  1. 1. 1. Show current cert and expiry
    openssl x509 -in /etc/ssl/certs/server.crt -noout -dates -subject -issuer
    Expect
    notBefore / notAfter dates; subject CN=team<N>.ncaecybergames.org
    Interpret and next
    Expired = regenerate. Wrong CN = regenerate with correct CN.
  2. 2. 2. Regenerate a self-signed cert (quick win)
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/ssl/private/server.key \ -out /etc/ssl/certs/server.crt \ -subj "/C=US/ST=WA/L=Spokane/O=EWU/CN=team<N>.ncaecybergames.org"
    Expect
    Generating a 2048 bit RSA private key; (no errors)
    Interpret and next
    File ownership must let Apache read them: `chmod 600 key, 644 crt`.
  3. 3. 3. Restart Apache
    systemctl restart apache2
    Expect
    No errors in `journalctl -u apache2 -n 20`
    Interpret and next
    Error about cert path or permissions = fix paths in ssl.conf.
  4. 4. 4. Verify externally
    curl -vk https://localhost/ 2>&1 | grep -E 'subject|issuer|SSL'
    Expect
    SSL connection uses TLSv1.2+ with the new cert
    Interpret and next
    Still handshake fails: check `/etc/apache2/mods-enabled/ssl.conf` for bad SSLProtocol / SSLCipherSuite.

Decision tree

Answer each question to route to the right fix.

Q: Is there any cert at /etc/ssl/certs/server.crt?
Yes:
Q: Is it expired?
Yes: Regenerate (step 2).
No:
Q: Does subject CN match team<N>.ncaecybergames.org?
Yes: Inspect Apache ssl.conf. likely a protocol/cipher issue.
No: Regenerate with correct CN.
No: Generate one (step 2).

External references

Other patterns on this service