qa.johnhancock.com

- Manulife Financial Corporation -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number d4:9f:61:a2:88:cd:0e:32:2b:fe:58:6e:d5:a2:a6:ee was issued on by Sectigo Limited.

With 18 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Manulife Financial Corporation

Organization: Manulife Financial Corporation
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): d4:9f:61:a2:88:cd:0e:32:2b:fe:58:6e:d5:a2:a6:ee
Serial Number (int): 282623890577940942338759219341938566894
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: a6:19:b3:17:27:be:81:74:24:e5:85:97:43:2c:53:ee:fa:5b:b2:8d
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): f1:1b:9d:97:a0:61:0c:a6:07:38:4b:a9:d3:2f:3a:55:d1:13:79:0a
Fingerprint (sha256): 01:19:ff:ce:c4:63:c4:86:ed:68:51:bd:04:94:84:4c:82:13:70:98:e5:0b:a1:71:e4:a4:4c:2d:04:f4:ad:7b

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate qa.johnhancock.com

18

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for qa.johnhancock.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

qa.johnhancock.com
azaphnerpt01.mfcgd.com
azaphnerpt01a1.mfcgd.com
inside1.mod.manulifeusa.com
mstrtst.rps.jhancock.com
mstrtsteai.rps.jhancock.com
mstruat.rps.jhancock.com
mstruateai.rps.jhancock.com
outside1.mod.manulifeusa.com
preview.qa64.onejohnhancock.com
qa.manulifebermuda.com
qa4.johnhancockaspire.com
qa64.jhaspire.com
sales-tst-tmp.johnhancockinsurance.com
test.jhaspire.com
www.qa.johnhancock.com
www.qa.manulifebermuda.com
www.sales-tst-tmp.johnhancockinsurance.com

Other certificates including the domain name johnhancock.com

(limited to 100 certificates)
johnhancockinsurance.com
stage.identity.jhancock.com
manulife.com
rps.jhancock.com
manulife.com
uat.igpclaimreporting.jhancock.com
qa.johnhancock.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
johnhancock.com
www.jhinvestments.com
stg.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
qr.retirement.johnhancock.com
dev-tmp.jhinvestments.com
johnhancock.com
www.jhinvestments.com
manulife.com
johnhancock.com
advisorfeedbackhub.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
crverifyidentity-dev.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
instant-apply.johnhancockinsurance.com
manulife.com
manulife.com
rps.jhancock.com
instant-apply.johnhancockinsurance.com
qr.myplan.johnhancock.com
manulife.com
digital-uat.customer.johnhancock.com
myplanuat.johnhancock.com
manulife.com
www.jhinvestments.com
digital-uat.customer.johnhancock.com
personalizedretirementadvice.johnhancock.com
rps.jhancock.com
www.jhinvestments.com
johnhancock.com
secure.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
www.jhinvestments.com
manulife.com
ww4.johnhancock.com
johnhancock.com
johnhancock.com
manulife.com
preferences.johnhancock.com
qr.myplan.johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
manulife.com
jhshsm.johnhancock.com
qr.myplan.johnhancock.com
johnhancock.com
ww4.johnhancock.com
quote-uat.johnhancock.com
stg.johnhancock.com
johnhancock.com
digital.customer.johnhancock.com
johnhancock.com
johnhancockinsurance.com
johnhancock.com
retirementinfo.johnhancock.com
jhaconnect.jhannuities.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
protect.johnhancock.com
jhshsm.johnhancock.com
rps.jhancock.com
qr.retirement.johnhancock.com
manulife.com
johnhancock.com
newonboardingaugust2023.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
finapp.johnhancock.com
johnhancock.com
manulife.com
manulife.com
preferencesstg.johnhancock.com

Certificate

The complete raw certificate details for qa.johnhancock.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJwzCCCKugAwIBAgIRANSfYaKIzQ4yK/5YbtWipu4wDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE
AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yMzA5MjIwMDAwMDBaFw0yNDA5MjEyMzU5NTlaMGUxCzAJBgNV
BAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMScwJQYDVQQKEx5NYW51bGlmZSBGaW5h
bmNpYWwgQ29ycG9yYXRpb24xGzAZBgNVBAMTEnFhLmpvaG5oYW5jb2NrLmNvbTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKhG5kshrfQPNdpi5Htahv3k
UFZ2KW5qlAffR4o8JrW755+GGKybAsYseJCyrH5IbzElEn4qdsPgC6BO8r3kk3B1
zBBoMNhrC9N5DTN9ypqECVMvfpq+14F54CjJHNIjtuGhYh0STZ3Q82woOfAnnBcG
4STAQy8G6VERHJcR5oKFlaTHcf26fK7tY0D8LPDwLMa7U60IghwpJ0U5HpJ3sbxa
LP5Ruk1yTMcCDuxYuXKgfeNk8Ge10wMhqk1HAR2Hp+Wz8931HezpVVaWka3Y+SMS
xxggBr+pvHafr9lsjnfrhXWFKRzQCDS6a9mbN1Tw2g6W9YzEg6hS+Mr9sBkLT5qs
O45oOApc7FxfwWAHBKkS6HB3O8AQd7EZbVVH9qkbH2kmtu94Abslvy6H8sQAACoE
eNhCdZZr7EMDpLqilhU98Gpjwxol6nwtQQEckMEV/JnY+pQ6NTL/NZw0LDzzC4bZ
oLvUAQ3IsaFX2w6IWanFoVMSShXDKLIs5R3kCfpc6Y7S5kv6q+MWaJ5CInZKdDrk
HCrqEEx6sUqM06DEvsDah/2UWxVY2rL2d0NKLaYAfbGuexjHC2jjJ0ABMJVgg8Kf
rH07K1YwIMgYevLBO1dHSufo6ep6l3jzDLNsfePCrIPiD9WJouzwzZtzfRFBdKFe
myyE4X6KICMbVjJSV4JLAgMBAAGjggU7MIIFNzAfBgNVHSMEGDAWgBQX2dYlJ2f5
McJJQ9kwNkSMbKlP6zAdBgNVHQ4EFgQUphmzFye+gXQk5YWXQyxT7vpbso0wDgYD
VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMEMCUwIwYIKwYBBQUH
AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBR
ME+gTaBLhklodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6
YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGKBggrBgEFBQcBAQR+
MHwwVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JT
QU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYB
BQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBfwYKKwYBBAHWeQIEAgSC
AW8EggFrAWkAdgB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYq9
CoO4AAAEAwBHMEUCIF1Ph4I0JFO40H6VWtkknpp2rLdV+z7gopb+tc8bWeMpAiEA
gusYu+vytmgucfflfmRddhaZBgUydnonlcqlU6i7nugAdgDatr9rP7W2Ip+bwrtc
a+hwkXFsu1GEhTS9pD0wSNf7qwAAAYq9CoWUAAAEAwBHMEUCIALTONacySRDK6vm
3uleDlJ05HXfW6/KFfq5V8uJ0rrCAiEA63axMvI4sUO+5LqpeMXoj6tXZBgn7DKz
wBTSRMnL5ngAdwDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYq9
CoPmAAAEAwBIMEYCIQCZtbFlrMrc3fTO91TaXDVYHnM6nCECQITHR3KmV1OxdwIh
AJmB9JvbyrGM4YzKsDDShQ5HEGTp4RqUAeHP3k3Cjw1FMIIB/gYDVR0RBIIB9TCC
AfGCEnFhLmpvaG5oYW5jb2NrLmNvbYIWYXphcGhuZXJwdDAxLm1mY2dkLmNvbYIY
YXphcGhuZXJwdDAxYTEubWZjZ2QuY29tghtpbnNpZGUxLm1vZC5tYW51bGlmZXVz
YS5jb22CGG1zdHJ0c3QucnBzLmpoYW5jb2NrLmNvbYIbbXN0cnRzdGVhaS5ycHMu
amhhbmNvY2suY29tghhtc3RydWF0LnJwcy5qaGFuY29jay5jb22CG21zdHJ1YXRl
YWkucnBzLmpoYW5jb2NrLmNvbYIcb3V0c2lkZTEubW9kLm1hbnVsaWZldXNhLmNv
bYIfcHJldmlldy5xYTY0Lm9uZWpvaG5oYW5jb2NrLmNvbYIWcWEubWFudWxpZmVi
ZXJtdWRhLmNvbYIZcWE0LmpvaG5oYW5jb2NrYXNwaXJlLmNvbYIRcWE2NC5qaGFz
cGlyZS5jb22CJnNhbGVzLXRzdC10bXAuam9obmhhbmNvY2tpbnN1cmFuY2UuY29t
ghF0ZXN0LmpoYXNwaXJlLmNvbYIWd3d3LnFhLmpvaG5oYW5jb2NrLmNvbYIad3d3
LnFhLm1hbnVsaWZlYmVybXVkYS5jb22CKnd3dy5zYWxlcy10c3QtdG1wLmpvaG5o
YW5jb2NraW5zdXJhbmNlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEARxHib5fnT2+T
mouUckwdrsJl1HJ1eo6Ki/sZaUpua1J94E+jJXKytk81zV/Q5zKmdPhGYjIswQ0Y
2OowjGMu/Jmw5PAXl4n8GF4TRRtLyv0dARkzm9pY4ZUuMpuxvnxvd+GzkmgHEsqv
TULTZ3oc+0hVH56yt4PnrodOvW9/d/xZbLNVew0OOYpX+bA+cnLqXzuRECx7PHzk
FiaMiPCsTepKxWa3g7sBv+IhImw4hrM4uPaOVivg6g+6JKahRvL4yZztwSe7+ees
dFUmGBKFo6DzMYd4Xai2zE92v4BVgyJT5buLZu4HW/68qY86fBHoRYp21h7/mPZQ
QCQHEkPbEg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqEbmSyGt9A812mLke1qG
/eRQVnYpbmqUB99Hijwmtbvnn4YYrJsCxix4kLKsfkhvMSUSfip2w+ALoE7yveST
cHXMEGgw2GsL03kNM33KmoQJUy9+mr7XgXngKMkc0iO24aFiHRJNndDzbCg58Cec
FwbhJMBDLwbpUREclxHmgoWVpMdx/bp8ru1jQPws8PAsxrtTrQiCHCknRTkeknex
vFos/lG6TXJMxwIO7Fi5cqB942TwZ7XTAyGqTUcBHYen5bPz3fUd7OlVVpaRrdj5
IxLHGCAGv6m8dp+v2WyOd+uFdYUpHNAINLpr2Zs3VPDaDpb1jMSDqFL4yv2wGQtP
mqw7jmg4ClzsXF/BYAcEqRLocHc7wBB3sRltVUf2qRsfaSa273gBuyW/LofyxAAA
KgR42EJ1lmvsQwOkuqKWFT3wamPDGiXqfC1BARyQwRX8mdj6lDo1Mv81nDQsPPML
htmgu9QBDcixoVfbDohZqcWhUxJKFcMosizlHeQJ+lzpjtLmS/qr4xZonkIidkp0
OuQcKuoQTHqxSozToMS+wNqH/ZRbFVjasvZ3Q0otpgB9sa57GMcLaOMnQAEwlWCD
wp+sfTsrVjAgyBh68sE7V0dK5+jp6nqXePMMs2x948Ksg+IP1Ymi7PDNm3N9EUF0
oV6bLIThfoogIxtWMlJXgksCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 282623890577940942338759219341938566894
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-22 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-09-21 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'qa.johnhancock.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 686510066970157089151508585737773112859402103333117883132639920730487425660549355209624499885759521183489731259243325383251686672058164653216764451827019277703221061908387785687870757974567425654556105442661395754305887235749436422521059453430674264451700385282020726142703665391921588226961182518095792951579037498468598963658621655084583675552743693720030446489701585514824912580327361283355374906829918022276798048941397193120097904404558350435125367340142928905914578654480091283747872502017050913712037873119490643362440088653019891622006123063990537266741769699068606715182519374444091706350951814928197188967664754226384058321237529677635690292869260517272526315004099941328390411817940754793610716956255206615540269819573904232166408563347812447602332921832137217880790213975140543746462832304632812302449243628576991760710684808529353985772252198962660323778612156926770059201130487231852581177774380009760914007559683040113664818976200089183127924269652027998185198059435167676889951380237259574557107574688659631363019229279078845895790751069094029276237512346118271948776339159076243473284056267517584795908783371357831596716018103363243887568317683816813418706566291354527037201810984757598767170860521114350649249071691
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a619b31727be817424e58597432c53eefa5bb28d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							016900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018abd0a83b8000004030047304502205d4f8782342453b8d07e955ad9249e9a76acb755fb3ee0a296feb5cf1b59e32902210082eb18bbebf2b6682e71f7e57e645d761699060532767a2795caa553a8bb9ee8007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018abd0a85940000040300473045022002d338d69cc924432babe6dee95e0e5274e475df5bafca15fab957cb89d2bac2022100eb76b132f238b143bee4baa978c5e88fab57641827ec32b3c014d244c9cbe678007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018abd0a83e6000004030048304602210099b5b165accadcddf4cef754da5c35581e733a9c21024084c74772a65753b1770221009981f49bdbcab18ce18ccab030d2850e471064e9e11a9401e1cfde4dc28f0d45
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (501 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'azaphnerpt01.mfcgd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'azaphnerpt01a1.mfcgd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'inside1.mod.manulifeusa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstrtst.rps.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstrtsteai.rps.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstruat.rps.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstruateai.rps.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'outside1.mod.manulifeusa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preview.qa64.onejohnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa4.johnhancockaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa64.jhaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-tst-tmp.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.qa.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.qa.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sales-tst-tmp.johnhancockinsurance.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004711e26f97e74f6f939a8b94724c1daec265d472757a8e8a8bfb19694a6e6b527de04fa32572b2b64f35cd5fd0e732a674f84662322cc10d18d8ea308c632efc99b0e4f0179789fc185e13451b4bcafd1d0119339bda58e1952e329bb1be7c6f77e1b392680712caaf4d42d3677a1cfb48551f9eb2b783e7ae874ebd6f7f77fc596cb3557b0d0e398a57f9b03e7272ea5f3b91102c7b3c7ce416268c88f0ac4dea4ac566b783bb01bfe221226c3886b338b8f68e562be0ea0fba24a6a146f2f8c99cedc127bbf9e7ac745526181285a3a0f33187785da8b6cc4f76bf8055832253e5bb8b66ee075bfebca98f3a7c11e8458a76d61eff98f6504024071243db12