johnhancockinsurance.com

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 3f:aa:29:cc:69:8b:c5:64:8a:a4:4a:c7:d0:0f:57:b2 was issued on by Sectigo Limited.

With 62 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
Organization unit: US Segment
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 3f:aa:29:cc:69:8b:c5:64:8a:a4:4a:c7:d0:0f:57:b2
Serial Number (int): 84624901974404422199231670551810365362
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: d6:a4:69:fe:f4:38:02:6b:25:e6:48:dd:69:0d:d3:94:b5:d0:8b:fd
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 5a:dd:0f:78:d4:5e:92:00:e6:5c:c1:bc:66:bc:54:2d:c3:79:a8:6e
Fingerprint (sha256): 00:18:34:32:ce:45:91:e2:c9:59:99:32:f2:60:dd:2d:c8:b3:73:79:e7:54:4d:c1:50:26:54:38:2d:04:89:9a

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate johnhancockinsurance.com

62

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for johnhancockinsurance.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

johnhancockinsurance.com
advisor-dev-tmp.johnhancockinsurance.com
advisor-stg-tmp.johnhancockinsurance.com
advisor-tst.tmp.johnhancockinsurance.com
advisor.johnhancockinsurance.com
author-dev-tmp.johnhancock.com
author-qa-tmp.johnhancock.com
author-stg-tmp.johnhancock.com
author-tmp.johnhancock.com
dev-tmp.jhsimpleterm.com
dev.jhgroupannuities.com
dev.johnhancock.com
dev.johnhancockaspire.com
dev.johnhancockinsurance.com
dev.manulifebermuda.com
dev.mysales.johnhancock.com
dev.rewardslife.johnhancockinsurance.com
dev.tmp.mysales.johnhancock.com
jhaspire.com
jhgroupannuities.com
jhrewardslife.com
jhrewardslife.johnhancockinsurance.com
jhsimpleterm.com
johnhancock.com
johnhancockaspire.com
manulifebermuda.com
mysales.johnhancock.com
preprod.johnhancockinsurance.com
preview.stg.johnhancock.com
qa-tmp.jhsimpleterm.com
qa.jhaspire.com
qa.jhgroupannuities.com
qa.johnhancock.com
qa.johnhancockaspire.com
qa.johnhancockinsurance.com
qa.manulifebermuda.com
qa.mysales.johnhancock.com
qa.rewardslife.johnhancockinsurance.com
sales-dev-tmp.johnhancockinsurance.com
sales-stg-tmp.johnhancockinsurance.com
sales-tst-tmp.johnhancockinsurance.com
sales.johnhancockinsurance.com
stg-tmp.jhsimpleterm.com
stg.jhaspire.com
stg.jhgroupannuities.com
stg.johnhancock.com
stg.johnhancockaspire.com
stg.johnhancockinsurance.com
stg.manulifebermuda.com
stg.mysales.johnhancock.com
stg.rewardslife.johnhancockinsurance.com
www.advisor.johnhancockinsurance.com
www.jhaspire.com
www.jhgroupannuities.com
www.jhrewardslife.com
www.jhsaleshub.com
www.jhsimpleterm.com
www.johnhancock.com
www.johnhancockaspire.com
www.johnhancockinsurance.com
www.manulifebermuda.com
www.sales.johnhancockinsurance.com

Other certificates including the domain name johnhancockinsurance.com

(limited to 100 certificates)
johnhancockinsurance.com
stage.jherpmx2.jhancock.com
manulife.com
qa.johnhancock.com
johnhancock.com
johnhancock.com
stg.johnhancock.com
myplanuat.johnhancock.com
manulife.com
stage.jherpmx3.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
johnhancock.com
myplanuat.johnhancock.com
johnhancock.com
test.jherpdx3.jhancock.com
johnhancock.com
manulife.com
jherppx2.jhancock.com
instant-apply.johnhancockinsurance.com
manulife.com
instant-apply.johnhancockinsurance.com
go.johnhancockinsurance.com
partner.johnhancockinsurance.com
jherpmx8.mod.manulifeusa.com
johnhancock.com
johnhancock.com
johnhancock.com
test.jherpdx3.jhancock.com
manulife.com
manulife.com
johnhancock.com
manulife.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
expresstrack-stg.johnhancockinsurance.com
partner.johnhancockinsurance.com
manulife.com
stg.johnhancock.com
johnhancock.com
johnhancock.com
johnhancockinsurance.com
jherppx2.jhancock.com
johnhancock.com
johnhancock.com
johnhancock.com
go.johnhancockinsurance.com
test.jherpdx3.jhancock.com
manulife.com
manulife.com
johnhancock.com
johnhancock.com
jherppx2.jhancock.com
johnhancock.com
test.jherpdx3.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
manulife.com
jherpx8.prd.manulifeusa.com
manulife.com
johnhancock.com
qa.manulifebermuda.com
stage.partnerlink.jhancock.com
anderppx01.jhancock.com
test.jherpdx3.jhancock.com
johnhancock.com
johnhancock.com
expresstrack-stg.johnhancockinsurance.com
johnhancock.com
manulife.com
partnerlinkc.jhancock.com
myplan.johnhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
advisor-tst.johnhancockinsurance.com
dev.johnhancockinsurance.com
preprod.johnhancockinsurance.com
johnhancock.com
programs.johnhancockinsurance.com
manulife.com
jherpmx8.mod.manulifeusa.com
stage.partnerlink.jhancock.com
stage.partnerlink.jhancock.com
stage.jherpmx2.jhancock.com
johnhancock.com
jherpx8.prd.manulifeusa.com
jherpmx8.mod.manulifeusa.com
johnhancockinsurance.com
expresstrack.johnhancockinsurance.com
manulife.com
stg.johnhancock.com

Certificate

The complete raw certificate details for johnhancockinsurance.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIINsTCCDJmgAwIBAgIQP6opzGmLxWSKpErH0A9XsjANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTIyMDQwODAwMDAwMFoXDTIzMDQwODIzNTk1OVowdDELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xGzAZBgNVBAoTEk1hbnVsaWZlIEZpbmFu
Y2lhbDETMBEGA1UECxMKVVMgU2VnbWVudDEhMB8GA1UEAxMYam9obmhhbmNvY2tp
bnN1cmFuY2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuBZ
wypOc+xOMU1Mvz64NpzfMuOG2Ggu35CMubpa4PSrjjh3jsDoHKIAi1pz1tZN+Ec4
2Vt7gZEHZLkLQVc0WCW3Y3ZrN76D0W33iAXPPZNizoPCUe33j6Zi7DvAEaMvSgT7
3FWqPONlCR0snRrgBY4g68M98Z6Ub+35EgtomnvVXb9tinfSC9F45dFmvyu0CK4S
T/t15GzQ7rtg2qz9AfpOEbMQZwQWwzErLor2+YB9kzO+SazJtWp1xHTFsUWhklbt
kn8O8nwV0Jh+LcPC9ajNpxgkyFGF78ZXEWKRx98ml9HirAbsVSBaTik0oyFgkFRN
PR/hKUFEtqqI5TKsewIDAQABo4IKGzCCChcwHwYDVR0jBBgwFoAUF9nWJSdn+THC
SUPZMDZEjGypT+swHQYDVR0OBBYEFNakaf70OAJrJeZI3WkN05S10Iv9MA4GA1Ud
DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjBKBgNVHSAEQzBBMDUGDCsGAQQBsjEBAgEDBDAlMCMGCCsGAQUFBwIB
FhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBP
oE2gS4ZJaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0
aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBigYIKwYBBQUHAQEEfjB8
MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FP
cmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUF
BzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTCCAX0GCisGAQQB1nkCBAIEggFt
BIIBaQFnAHYArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooAAAGACmDT
cAAABAMARzBFAiBlys/l4USnTZhPvMZlcGBhvvwZXfc1zbrGwTNdJzV/aQIhAIcV
pPceRkta34BBwoRjxPHXQ+mrHsApoFBhMVgKn2XJAHYAejKMVNi3LbYg6jjgUh7p
hBZwMhOFTTvSK8E6V6NS61IAAAGACmDTRAAABAMARzBFAiEAhCd0a5drxHBJQaDP
IdkWTNSCPJYXA7ExRx8KZIzPYUYCIAz8xNbjkAPaYUW3dkPmPhdRiQPoDTFyUUD6
l9r1V95uAHUA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGACmDT
CAAABAMARjBEAiA/lzxl5pLon+nA4wZPQmP65b1FZ0/SeqNskDfMyLWQEAIgc434
+Wa95/JGaGC7L83A8lZP/fZWiflv824dbj8ap9owggbgBgNVHREEggbXMIIG04IY
am9obmhhbmNvY2tpbnN1cmFuY2UuY29tgihhZHZpc29yLWRldi10bXAuam9obmhh
bmNvY2tpbnN1cmFuY2UuY29tgihhZHZpc29yLXN0Zy10bXAuam9obmhhbmNvY2tp
bnN1cmFuY2UuY29tgihhZHZpc29yLXRzdC50bXAuam9obmhhbmNvY2tpbnN1cmFu
Y2UuY29tgiBhZHZpc29yLmpvaG5oYW5jb2NraW5zdXJhbmNlLmNvbYIeYXV0aG9y
LWRldi10bXAuam9obmhhbmNvY2suY29tgh1hdXRob3ItcWEtdG1wLmpvaG5oYW5j
b2NrLmNvbYIeYXV0aG9yLXN0Zy10bXAuam9obmhhbmNvY2suY29tghphdXRob3It
dG1wLmpvaG5oYW5jb2NrLmNvbYIYZGV2LXRtcC5qaHNpbXBsZXRlcm0uY29tghhk
ZXYuamhncm91cGFubnVpdGllcy5jb22CE2Rldi5qb2huaGFuY29jay5jb22CGWRl
di5qb2huaGFuY29ja2FzcGlyZS5jb22CHGRldi5qb2huaGFuY29ja2luc3VyYW5j
ZS5jb22CF2Rldi5tYW51bGlmZWJlcm11ZGEuY29tghtkZXYubXlzYWxlcy5qb2hu
aGFuY29jay5jb22CKGRldi5yZXdhcmRzbGlmZS5qb2huaGFuY29ja2luc3VyYW5j
ZS5jb22CH2Rldi50bXAubXlzYWxlcy5qb2huaGFuY29jay5jb22CDGpoYXNwaXJl
LmNvbYIUamhncm91cGFubnVpdGllcy5jb22CEWpocmV3YXJkc2xpZmUuY29tgiZq
aHJld2FyZHNsaWZlLmpvaG5oYW5jb2NraW5zdXJhbmNlLmNvbYIQamhzaW1wbGV0
ZXJtLmNvbYIPam9obmhhbmNvY2suY29tghVqb2huaGFuY29ja2FzcGlyZS5jb22C
E21hbnVsaWZlYmVybXVkYS5jb22CF215c2FsZXMuam9obmhhbmNvY2suY29tgiBw
cmVwcm9kLmpvaG5oYW5jb2NraW5zdXJhbmNlLmNvbYIbcHJldmlldy5zdGcuam9o
bmhhbmNvY2suY29tghdxYS10bXAuamhzaW1wbGV0ZXJtLmNvbYIPcWEuamhhc3Bp
cmUuY29tghdxYS5qaGdyb3VwYW5udWl0aWVzLmNvbYIScWEuam9obmhhbmNvY2su
Y29tghhxYS5qb2huaGFuY29ja2FzcGlyZS5jb22CG3FhLmpvaG5oYW5jb2NraW5z
dXJhbmNlLmNvbYIWcWEubWFudWxpZmViZXJtdWRhLmNvbYIacWEubXlzYWxlcy5q
b2huaGFuY29jay5jb22CJ3FhLnJld2FyZHNsaWZlLmpvaG5oYW5jb2NraW5zdXJh
bmNlLmNvbYImc2FsZXMtZGV2LXRtcC5qb2huaGFuY29ja2luc3VyYW5jZS5jb22C
JnNhbGVzLXN0Zy10bXAuam9obmhhbmNvY2tpbnN1cmFuY2UuY29tgiZzYWxlcy10
c3QtdG1wLmpvaG5oYW5jb2NraW5zdXJhbmNlLmNvbYIec2FsZXMuam9obmhhbmNv
Y2tpbnN1cmFuY2UuY29tghhzdGctdG1wLmpoc2ltcGxldGVybS5jb22CEHN0Zy5q
aGFzcGlyZS5jb22CGHN0Zy5qaGdyb3VwYW5udWl0aWVzLmNvbYITc3RnLmpvaG5o
YW5jb2NrLmNvbYIZc3RnLmpvaG5oYW5jb2NrYXNwaXJlLmNvbYIcc3RnLmpvaG5o
YW5jb2NraW5zdXJhbmNlLmNvbYIXc3RnLm1hbnVsaWZlYmVybXVkYS5jb22CG3N0
Zy5teXNhbGVzLmpvaG5oYW5jb2NrLmNvbYIoc3RnLnJld2FyZHNsaWZlLmpvaG5o
YW5jb2NraW5zdXJhbmNlLmNvbYIkd3d3LmFkdmlzb3Iuam9obmhhbmNvY2tpbnN1
cmFuY2UuY29tghB3d3cuamhhc3BpcmUuY29tghh3d3cuamhncm91cGFubnVpdGll
cy5jb22CFXd3dy5qaHJld2FyZHNsaWZlLmNvbYISd3d3Lmpoc2FsZXNodWIuY29t
ghR3d3cuamhzaW1wbGV0ZXJtLmNvbYITd3d3LmpvaG5oYW5jb2NrLmNvbYIZd3d3
LmpvaG5oYW5jb2NrYXNwaXJlLmNvbYIcd3d3LmpvaG5oYW5jb2NraW5zdXJhbmNl
LmNvbYIXd3d3Lm1hbnVsaWZlYmVybXVkYS5jb22CInd3dy5zYWxlcy5qb2huaGFu
Y29ja2luc3VyYW5jZS5jb20wDQYJKoZIhvcNAQELBQADggEBAA2Zx9jEXeakbnB3
2tAy0YYbrz+chpXlzBN99MfnpBz/pkCq1NTF+qjHT8hSRWa5aM7OQTRa7ne7oBEf
qnUwmMY0WlYPRYuB1eb7ui4OIgrHHrdIUrffZWmD+aomQkBX2mrkjchJ9TRXVpUo
hG0UsZiZ0+sQzOFZQs9VAq4uhtZLAP8QVQswTwxORTPH0tjOkF2vOOefJlnU924A
1TDKEFpMWlaCErn+TJBSCOXAoJoiSTsinDFBufqO7uHxAkcdBLOiUCM4AxlseRoE
bDvV3wOXtUDFDBjFHt209Etegf32MhQ6f20/Bu5wRAKE3R6/HneKQdHUNFVLcYrM
ONEYQy0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuBZwypOc+xOMU1Mvz64
NpzfMuOG2Ggu35CMubpa4PSrjjh3jsDoHKIAi1pz1tZN+Ec42Vt7gZEHZLkLQVc0
WCW3Y3ZrN76D0W33iAXPPZNizoPCUe33j6Zi7DvAEaMvSgT73FWqPONlCR0snRrg
BY4g68M98Z6Ub+35EgtomnvVXb9tinfSC9F45dFmvyu0CK4ST/t15GzQ7rtg2qz9
AfpOEbMQZwQWwzErLor2+YB9kzO+SazJtWp1xHTFsUWhklbtkn8O8nwV0Jh+LcPC
9ajNpxgkyFGF78ZXEWKRx98ml9HirAbsVSBaTik0oyFgkFRNPR/hKUFEtqqI5TKs
ewIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 84624901974404422199231670551810365362
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-04-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-04-08 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US Segment'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'johnhancockinsurance.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26115722244039143834545856076161342602803546635614154223113558620238365835424894848358917087843413259195723113002585144173055113988214753296655799128530221871236228747698861550511008425962216742593741414198666162746061361287292656224061671775814798711497606586054495408983350889774324897212455690651837572712370104924500344294599405409860213429721694988953658007734175095894349349093959352386151697866464679460177114697164982416421669311416510218023707237804119344820276197945467179436391934152703456112495476335127074097203560047472368650402028377226227438603752198385680978288876075249857880414258900736657922894971
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d6a469fef438026b25e648dd690dd394b5d08bfd
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a000001800a60d3700000040300473045022065cacfe5e144a74d984fbcc665706061befc195df735cdbac6c1335d27357f690221008715a4f71e464b5adf8041c28463c4f1d743e9ab1ec029a0506131580a9f65c90076007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52000001800a60d34400000403004730450221008427746b976bc4704941a0cf21d9164cd4823c961703b131471f0a648ccf614602200cfcc4d6e39003da6145b77643e63e17518903e80d31725140fa97daf557de6e007500e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e000001800a60d308000004030046304402203f973c65e692e89fe9c0e3064f4263fae5bd45674fd27aa36c9037ccc8b590100220738df8f966bde7f2466860bb2fcdc0f2564ffdf65689f96ff36e1d6e3f1aa7da
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1751 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor-dev-tmp.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor-stg-tmp.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor-tst.tmp.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-dev-tmp.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-qa-tmp.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-stg-tmp.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-tmp.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev-tmp.jhsimpleterm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.jhgroupannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.johnhancockaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.mysales.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.rewardslife.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.tmp.mysales.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhgroupannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhrewardslife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhrewardslife.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhsimpleterm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mysales.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preprod.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preview.stg.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa-tmp.jhsimpleterm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.jhaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.jhgroupannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.johnhancockaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.mysales.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.rewardslife.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-dev-tmp.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-stg-tmp.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-tst-tmp.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg-tmp.jhsimpleterm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.jhaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.jhgroupannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.johnhancockaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.mysales.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.rewardslife.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.advisor.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhgroupannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhrewardslife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhsaleshub.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhsimpleterm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sales.johnhancockinsurance.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000d99c7d8c45de6a46e7077dad032d1861baf3f9c8695e5cc137df4c7e7a41cffa640aad4d4c5faa8c74fc8524566b968cece41345aee77bba0111faa753098c6345a560f458b81d5e6fbba2e0e220ac71eb74852b7df656983f9aa26424057da6ae48dc849f53457569528846d14b19899d3eb10cce15942cf5502ae2e86d64b00ff10550b304f0c4e4533c7d2d8ce905daf38e79f2659d4f76e00d530ca105a4c5a568212b9fe4c905208e5c0a09a22493b229c3141b9fa8eeee1f102471d04b3a250233803196c791a046c3bd5df0397b540c50c18c51eddb4f44b5e81fdf632143a7f6d3f06ee70440284dd1ebf1e778a41d1d434554b718acc38d118432d