qa.johnhancock.com
- Manulife Financial Corporation -
Issued by Sectigo RSA Organization Validation Secure Server CA
About this certificate
This digital certificate with serial number d4:9f:61:a2:88:cd:0e:32:2b:fe:58:6e:d5:a2:a6:ee was issued on by Sectigo Limited.
With 18 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Manulife Financial Corporation
Organization:
Manulife Financial Corporation
State / Province:
Ontario
Country: CA
Country: CA
Sectigo Limited
Organization:
Sectigo Limited
State / Province:
Greater Manchester
Locality: Salford
Country: GB
Locality: Salford
Country: GB
This certificate will expire on
Certificate Details
Serial Number (hex): d4:9f:61:a2:88:cd:0e:32:2b:fe:58:6e:d5:a2:a6:eeSerial Number (int): 282623890577940942338759219341938566894
Serial Number lenght: 128 bits, 16 octets
SubjectKeyId: a6:19:b3:17:27:be:81:74:24:e5:85:97:43:2c:53:ee:fa:5b:b2:8d
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb
Fingerprint (sha1): f1:1b:9d:97:a0:61:0c:a6:07:38:4b:a9:d3:2f:3a:55:d1:13:79:0a
Fingerprint (sha256): 01:19:ff:ce:c4:63:c4:86:ed:68:51:bd:04:94:84:4c:82:13:70:98:e5:0b:a1:71:e4:a4:4c:2d:04:f4:ad:7b
Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl
Check the revocation status for certificate qa.johnhancock.com
18
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for qa.johnhancock.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
qa.johnhancock.com
azaphnerpt01.mfcgd.com
azaphnerpt01a1.mfcgd.com
inside1.mod.manulifeusa.com
mstrtst.rps.jhancock.com
mstrtsteai.rps.jhancock.com
mstruat.rps.jhancock.com
mstruateai.rps.jhancock.com
outside1.mod.manulifeusa.com
preview.qa64.onejohnhancock.com
qa.manulifebermuda.com
qa4.johnhancockaspire.com
qa64.jhaspire.com
sales-tst-tmp.johnhancockinsurance.com
test.jhaspire.com
www.qa.johnhancock.com
www.qa.manulifebermuda.com
www.sales-tst-tmp.johnhancockinsurance.com
azaphnerpt01.mfcgd.com
azaphnerpt01a1.mfcgd.com
inside1.mod.manulifeusa.com
mstrtst.rps.jhancock.com
mstrtsteai.rps.jhancock.com
mstruat.rps.jhancock.com
mstruateai.rps.jhancock.com
outside1.mod.manulifeusa.com
preview.qa64.onejohnhancock.com
qa.manulifebermuda.com
qa4.johnhancockaspire.com
qa64.jhaspire.com
sales-tst-tmp.johnhancockinsurance.com
test.jhaspire.com
www.qa.johnhancock.com
www.qa.manulifebermuda.com
www.sales-tst-tmp.johnhancockinsurance.com
Other certificates including the domain name johnhancock.com
(limited to 100 certificates)
johnhancockinsurance.com
stage.identity.jhancock.com
manulife.com
rps.jhancock.com
manulife.com
uat.igpclaimreporting.jhancock.com
qa.johnhancock.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
johnhancock.com
www.jhinvestments.com
stg.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
qr.retirement.johnhancock.com
dev-tmp.jhinvestments.com
johnhancock.com
www.jhinvestments.com
manulife.com
johnhancock.com
advisorfeedbackhub.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
crverifyidentity-dev.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
instant-apply.johnhancockinsurance.com
manulife.com
manulife.com
rps.jhancock.com
instant-apply.johnhancockinsurance.com
qr.myplan.johnhancock.com
manulife.com
digital-uat.customer.johnhancock.com
myplanuat.johnhancock.com
manulife.com
www.jhinvestments.com
digital-uat.customer.johnhancock.com
personalizedretirementadvice.johnhancock.com
rps.jhancock.com
www.jhinvestments.com
johnhancock.com
secure.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
www.jhinvestments.com
manulife.com
ww4.johnhancock.com
johnhancock.com
johnhancock.com
manulife.com
preferences.johnhancock.com
qr.myplan.johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
manulife.com
jhshsm.johnhancock.com
qr.myplan.johnhancock.com
johnhancock.com
ww4.johnhancock.com
quote-uat.johnhancock.com
stg.johnhancock.com
johnhancock.com
digital.customer.johnhancock.com
johnhancock.com
johnhancockinsurance.com
johnhancock.com
retirementinfo.johnhancock.com
jhaconnect.jhannuities.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
protect.johnhancock.com
jhshsm.johnhancock.com
rps.jhancock.com
qr.retirement.johnhancock.com
manulife.com
johnhancock.com
newonboardingaugust2023.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
finapp.johnhancock.com
johnhancock.com
manulife.com
manulife.com
preferencesstg.johnhancock.com
stage.identity.jhancock.com
manulife.com
rps.jhancock.com
manulife.com
uat.igpclaimreporting.jhancock.com
qa.johnhancock.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
johnhancock.com
www.jhinvestments.com
stg.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
qr.retirement.johnhancock.com
dev-tmp.jhinvestments.com
johnhancock.com
www.jhinvestments.com
manulife.com
johnhancock.com
advisorfeedbackhub.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
crverifyidentity-dev.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
instant-apply.johnhancockinsurance.com
manulife.com
manulife.com
rps.jhancock.com
instant-apply.johnhancockinsurance.com
qr.myplan.johnhancock.com
manulife.com
digital-uat.customer.johnhancock.com
myplanuat.johnhancock.com
manulife.com
www.jhinvestments.com
digital-uat.customer.johnhancock.com
personalizedretirementadvice.johnhancock.com
rps.jhancock.com
www.jhinvestments.com
johnhancock.com
secure.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
www.jhinvestments.com
manulife.com
ww4.johnhancock.com
johnhancock.com
johnhancock.com
manulife.com
preferences.johnhancock.com
qr.myplan.johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
manulife.com
jhshsm.johnhancock.com
qr.myplan.johnhancock.com
johnhancock.com
ww4.johnhancock.com
quote-uat.johnhancock.com
stg.johnhancock.com
johnhancock.com
digital.customer.johnhancock.com
johnhancock.com
johnhancockinsurance.com
johnhancock.com
retirementinfo.johnhancock.com
jhaconnect.jhannuities.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
protect.johnhancock.com
jhshsm.johnhancock.com
rps.jhancock.com
qr.retirement.johnhancock.com
manulife.com
johnhancock.com
newonboardingaugust2023.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
finapp.johnhancock.com
johnhancock.com
manulife.com
manulife.com
preferencesstg.johnhancock.com
Certificate
The complete raw certificate details for qa.johnhancock.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIJwzCCCKugAwIBAgIRANSfYaKIzQ4yK/5YbtWipu4wDQYJKoZIhvcNAQELBQAw gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl cnZlciBDQTAeFw0yMzA5MjIwMDAwMDBaFw0yNDA5MjEyMzU5NTlaMGUxCzAJBgNV BAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMScwJQYDVQQKEx5NYW51bGlmZSBGaW5h bmNpYWwgQ29ycG9yYXRpb24xGzAZBgNVBAMTEnFhLmpvaG5oYW5jb2NrLmNvbTCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKhG5kshrfQPNdpi5Htahv3k UFZ2KW5qlAffR4o8JrW755+GGKybAsYseJCyrH5IbzElEn4qdsPgC6BO8r3kk3B1 zBBoMNhrC9N5DTN9ypqECVMvfpq+14F54CjJHNIjtuGhYh0STZ3Q82woOfAnnBcG 4STAQy8G6VERHJcR5oKFlaTHcf26fK7tY0D8LPDwLMa7U60IghwpJ0U5HpJ3sbxa LP5Ruk1yTMcCDuxYuXKgfeNk8Ge10wMhqk1HAR2Hp+Wz8931HezpVVaWka3Y+SMS xxggBr+pvHafr9lsjnfrhXWFKRzQCDS6a9mbN1Tw2g6W9YzEg6hS+Mr9sBkLT5qs O45oOApc7FxfwWAHBKkS6HB3O8AQd7EZbVVH9qkbH2kmtu94Abslvy6H8sQAACoE eNhCdZZr7EMDpLqilhU98Gpjwxol6nwtQQEckMEV/JnY+pQ6NTL/NZw0LDzzC4bZ oLvUAQ3IsaFX2w6IWanFoVMSShXDKLIs5R3kCfpc6Y7S5kv6q+MWaJ5CInZKdDrk HCrqEEx6sUqM06DEvsDah/2UWxVY2rL2d0NKLaYAfbGuexjHC2jjJ0ABMJVgg8Kf rH07K1YwIMgYevLBO1dHSufo6ep6l3jzDLNsfePCrIPiD9WJouzwzZtzfRFBdKFe myyE4X6KICMbVjJSV4JLAgMBAAGjggU7MIIFNzAfBgNVHSMEGDAWgBQX2dYlJ2f5 McJJQ9kwNkSMbKlP6zAdBgNVHQ4EFgQUphmzFye+gXQk5YWXQyxT7vpbso0wDgYD VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG CCsGAQUFBwMCMEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMEMCUwIwYIKwYBBQUH AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBR ME+gTaBLhklodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6 YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGKBggrBgEFBQcBAQR+ MHwwVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JT QU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYB BQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBfwYKKwYBBAHWeQIEAgSC AW8EggFrAWkAdgB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYq9 CoO4AAAEAwBHMEUCIF1Ph4I0JFO40H6VWtkknpp2rLdV+z7gopb+tc8bWeMpAiEA gusYu+vytmgucfflfmRddhaZBgUydnonlcqlU6i7nugAdgDatr9rP7W2Ip+bwrtc a+hwkXFsu1GEhTS9pD0wSNf7qwAAAYq9CoWUAAAEAwBHMEUCIALTONacySRDK6vm 3uleDlJ05HXfW6/KFfq5V8uJ0rrCAiEA63axMvI4sUO+5LqpeMXoj6tXZBgn7DKz wBTSRMnL5ngAdwDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYq9 CoPmAAAEAwBIMEYCIQCZtbFlrMrc3fTO91TaXDVYHnM6nCECQITHR3KmV1OxdwIh AJmB9JvbyrGM4YzKsDDShQ5HEGTp4RqUAeHP3k3Cjw1FMIIB/gYDVR0RBIIB9TCC AfGCEnFhLmpvaG5oYW5jb2NrLmNvbYIWYXphcGhuZXJwdDAxLm1mY2dkLmNvbYIY YXphcGhuZXJwdDAxYTEubWZjZ2QuY29tghtpbnNpZGUxLm1vZC5tYW51bGlmZXVz YS5jb22CGG1zdHJ0c3QucnBzLmpoYW5jb2NrLmNvbYIbbXN0cnRzdGVhaS5ycHMu amhhbmNvY2suY29tghhtc3RydWF0LnJwcy5qaGFuY29jay5jb22CG21zdHJ1YXRl YWkucnBzLmpoYW5jb2NrLmNvbYIcb3V0c2lkZTEubW9kLm1hbnVsaWZldXNhLmNv bYIfcHJldmlldy5xYTY0Lm9uZWpvaG5oYW5jb2NrLmNvbYIWcWEubWFudWxpZmVi ZXJtdWRhLmNvbYIZcWE0LmpvaG5oYW5jb2NrYXNwaXJlLmNvbYIRcWE2NC5qaGFz cGlyZS5jb22CJnNhbGVzLXRzdC10bXAuam9obmhhbmNvY2tpbnN1cmFuY2UuY29t ghF0ZXN0LmpoYXNwaXJlLmNvbYIWd3d3LnFhLmpvaG5oYW5jb2NrLmNvbYIad3d3 LnFhLm1hbnVsaWZlYmVybXVkYS5jb22CKnd3dy5zYWxlcy10c3QtdG1wLmpvaG5o YW5jb2NraW5zdXJhbmNlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEARxHib5fnT2+T mouUckwdrsJl1HJ1eo6Ki/sZaUpua1J94E+jJXKytk81zV/Q5zKmdPhGYjIswQ0Y 2OowjGMu/Jmw5PAXl4n8GF4TRRtLyv0dARkzm9pY4ZUuMpuxvnxvd+GzkmgHEsqv TULTZ3oc+0hVH56yt4PnrodOvW9/d/xZbLNVew0OOYpX+bA+cnLqXzuRECx7PHzk FiaMiPCsTepKxWa3g7sBv+IhImw4hrM4uPaOVivg6g+6JKahRvL4yZztwSe7+ees dFUmGBKFo6DzMYd4Xai2zE92v4BVgyJT5buLZu4HW/68qY86fBHoRYp21h7/mPZQ QCQHEkPbEg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqEbmSyGt9A812mLke1qG /eRQVnYpbmqUB99Hijwmtbvnn4YYrJsCxix4kLKsfkhvMSUSfip2w+ALoE7yveST cHXMEGgw2GsL03kNM33KmoQJUy9+mr7XgXngKMkc0iO24aFiHRJNndDzbCg58Cec FwbhJMBDLwbpUREclxHmgoWVpMdx/bp8ru1jQPws8PAsxrtTrQiCHCknRTkeknex vFos/lG6TXJMxwIO7Fi5cqB942TwZ7XTAyGqTUcBHYen5bPz3fUd7OlVVpaRrdj5 IxLHGCAGv6m8dp+v2WyOd+uFdYUpHNAINLpr2Zs3VPDaDpb1jMSDqFL4yv2wGQtP mqw7jmg4ClzsXF/BYAcEqRLocHc7wBB3sRltVUf2qRsfaSa273gBuyW/LofyxAAA KgR42EJ1lmvsQwOkuqKWFT3wamPDGiXqfC1BARyQwRX8mdj6lDo1Mv81nDQsPPML htmgu9QBDcixoVfbDohZqcWhUxJKFcMosizlHeQJ+lzpjtLmS/qr4xZonkIidkp0 OuQcKuoQTHqxSozToMS+wNqH/ZRbFVjasvZ3Q0otpgB9sa57GMcLaOMnQAEwlWCD wp+sfTsrVjAgyBh68sE7V0dK5+jp6nqXePMMs2x948Ksg+IP1Ymi7PDNm3N9EUF0 oV6bLIThfoogIxtWMlJXgksCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 282623890577940942338759219341938566894 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-22 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-09-21 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial Corporation' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'qa.johnhancock.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 686510066970157089151508585737773112859402103333117883132639920730487425660549355209624499885759521183489731259243325383251686672058164653216764451827019277703221061908387785687870757974567425654556105442661395754305887235749436422521059453430674264451700385282020726142703665391921588226961182518095792951579037498468598963658621655084583675552743693720030446489701585514824912580327361283355374906829918022276798048941397193120097904404558350435125367340142928905914578654480091283747872502017050913712037873119490643362440088653019891622006123063990537266741769699068606715182519374444091706350951814928197188967664754226384058321237529677635690292869260517272526315004099941328390411817940754793610716956255206615540269819573904232166408563347812447602332921832137217880790213975140543746462832304632812302449243628576991760710684808529353985772252198962660323778612156926770059201130487231852581177774380009760914007559683040113664818976200089183127924269652027998185198059435167676889951380237259574557107574688659631363019229279078845895790751069094029276237512346118271948776339159076243473284056267517584795908783371357831596716018103363243887568317683816813418706566291354527037201810984757598767170860521114350649249071691 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) a619b31727be817424e58597432c53eefa5bb28d . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes) 016900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018abd0a83b8000004030047304502205d4f8782342453b8d07e955ad9249e9a76acb755fb3ee0a296feb5cf1b59e32902210082eb18bbebf2b6682e71f7e57e645d761699060532767a2795caa553a8bb9ee8007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018abd0a85940000040300473045022002d338d69cc924432babe6dee95e0e5274e475df5bafca15fab957cb89d2bac2022100eb76b132f238b143bee4baa978c5e88fab57641827ec32b3c014d244c9cbe678007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018abd0a83e6000004030048304602210099b5b165accadcddf4cef754da5c35581e733a9c21024084c74772a65753b1770221009981f49bdbcab18ce18ccab030d2850e471064e9e11a9401e1cfde4dc28f0d45 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (501 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.johnhancock.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'azaphnerpt01.mfcgd.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'azaphnerpt01a1.mfcgd.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'inside1.mod.manulifeusa.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstrtst.rps.jhancock.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstrtsteai.rps.jhancock.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstruat.rps.jhancock.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstruateai.rps.jhancock.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'outside1.mod.manulifeusa.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preview.qa64.onejohnhancock.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.manulifebermuda.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa4.johnhancockaspire.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa64.jhaspire.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-tst-tmp.johnhancockinsurance.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhaspire.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.qa.johnhancock.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.qa.manulifebermuda.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sales-tst-tmp.johnhancockinsurance.com' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 004711e26f97e74f6f939a8b94724c1daec265d472757a8e8a8bfb19694a6e6b527de04fa32572b2b64f35cd5fd0e732a674f84662322cc10d18d8ea308c632efc99b0e4f0179789fc185e13451b4bcafd1d0119339bda58e1952e329bb1be7c6f77e1b392680712caaf4d42d3677a1cfb48551f9eb2b783e7ae874ebd6f7f77fc596cb3557b0d0e398a57f9b03e7272ea5f3b91102c7b3c7ce416268c88f0ac4dea4ac566b783bb01bfe221226c3886b338b8f68e562be0ea0fba24a6a146f2f8c99cedc127bbf9e7ac745526181285a3a0f33187785da8b6cc4f76bf8055832253e5bb8b66ee075bfebca98f3a7c11e8458a76d61eff98f6504024071243db12