SSL Certificate Analysis for www.l.root-servers.org - Security Grade & TLS Configuration

Subject

CN=www.lroot.icann.org

Issuer

C=US, O=Let's Encrypt, CN=E7

Valid From

September 20, 2025

Valid Until

December 19, 2025 33 days

Public Key

ECDSA 384 bit (P-384) Strong

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

09:C3:49:CF:F4:03:DA:43:08:42:48:30:8B:E7:29:3D:03:34:6F:EF:BC:52:F3:6D:59:2F:49:91:24:2B:E9:8C

Alternative Names

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

13 domains

l.root-servers.org www.l.root-servers.org

Other domains in certificate

blog.icann.org compliance.icann.org crm-gtld.icann.org csc.icann.org dns.icann.org feedback.icann.org idn.icann.org radar.icann.org rrs.icann.org rzerc.icann.org www.lroot.icann.org