www-aem-dev1.manulife.ca

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 7f:dc:81:f3:3d:e4:71:a1:f7:05:89:f1:0a:09:1b:61 was issued on by Sectigo Limited.

With 33 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
Organization unit: Canadian Segment
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 7f:dc:81:f3:3d:e4:71:a1:f7:05:89:f1:0a:09:1b:61
Serial Number (int): 169956896475999097269891259826419866465
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: b0:e1:c7:fa:5c:1d:cb:64:0b:2d:5e:2c:06:96:a9:83:99:e2:bd:8d
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 70:75:a1:3c:37:2a:59:e0:35:c1:87:1b:6d:76:eb:55:e0:1f:88:6b
Fingerprint (sha256): 02:1b:1b:67:55:7d:9e:e4:df:dc:bc:62:8e:33:c6:fa:b8:46:ff:4c:1c:c3:98:71:22:32:c5:86:9a:a1:1a:b3

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate www-aem-dev1.manulife.ca

33

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www-aem-dev1.manulife.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www-aem-dev1.manulife.ca
author-aem-dev1.manulife.ca
www-aem-dev1.affinity.manulife.ca
www-aem-dev1.affinity.manuvie.ca
www-aem-dev1.assurance-manuvie.ca
www-aem-dev1.bank.manulife.ca
www-aem-dev1.bank.manuvie.ca
www-aem-dev1.cmtcp.manulife.ca
www-aem-dev1.cmtcp.manuvie.ca
www-aem-dev1.coverme.manulife.ca
www-aem-dev1.coverme.manuvie.ca
www-aem-dev1.cpao.manulife.ca
www-aem-dev1.cpao.manuvie.ca
www-aem-dev1.developer.manulife.ca
www-aem-dev1.developer.manuvie.ca
www-aem-dev1.groupbenefits.manulife.ca
www-aem-dev1.headless.manulife.ca
www-aem-dev1.info.manulife.ca
www-aem-dev1.info.manuvie.ca
www-aem-dev1.manulife-group-plans.ca
www-aem-dev1.manulife-insurance.ca
www-aem-dev1.manulife-securities.manulife.ca
www-aem-dev1.manulife-securities.manuvie.ca
www-aem-dev1.manuvie.ca
www-aem-dev1.offers.bank.manulife.ca
www-aem-dev1.offres.bank.manuvie.ca
www-aem-dev1.regimes-collectifs-manuvie.ca
www-aem-dev1.rr.manulife.ca
www-aem-dev1.rr.manuvie.ca
www-aem-dev1.travel.manulife.ca
www-aem-dev1.travel.manuvie.ca
www-aem-dev1.travelb2b.manulife.ca
www-aem-dev1.travelb2b.manuvie.ca

Other certificates including the domain name manulife.ca

(limited to 100 certificates)
manulife.com
www-aem-qa2.manulife.ca
client.manulifebank.com
manulife.com
manulife.com
content-txn-uat.manulife.ca
www-aem-dev1.manulife.ca
www-aem-dev2.manulife.ca
www-aem-qa.manulife.ca
www-aem-prod.manulife.ca
manulife.com
manulife.com
uat.manulifesecurities.manulife.ca
manulife.com
manulife.com
origin-api.manulifesecurities.manulife.ca
devintegrator.gbi.manulife.ca
manulife.com
manulife.com
manulife.com
cdn.dev.manulife.ca
www-aem-dev1.manulife.ca
manulife.com
mfti-app.np.aks.manulife.ca
preprod.mtls.api.manulife.com
preview.id.manulife.ca
jira-t1.manulife.ca
manulife.com
manulife.com
dev.portal.manulife.ca
advisor.manulife.ca
qa.manulifesecurities.manulife.ca
edge.prod-ext.api.manulife.com
www-aem-prod.manulife.ca
www-aem-dev2.manulife.ca
manulife.com
uat.statements.manulifebank.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
artifactory-test.manulife.ca
manulife.com
hf.integrator.gbi.manulife.ca
manulife.com
content-txn-dev.manulife.ca
retirement.manulife.ca
saml-advisors.preview.manulife.ca
interac-uat.manulifebank.ca
manulife.com
content-txn-prd.manulife.ca
manulife.com
manulife.com
integrator.gbi.manulife.ca
manulife.com
sf-service-medallia-dev.manulife.ca
manulife.com
manulife.com
www-aem-dev.manulife.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
nonprod.vitalityservice.manulife.ca
tripx-graphql.dev.aks.manulife.ca
manulife.com
snowbound-viewer-prd.manulife.ca
manulife.com
dev.policyservice.manulife.ca
manulife.com
www-aem-qa.manulife.ca
content-txn-dev.manulife.ca
edge.prod-ext.api.manulife.com
hf.gbi.manulife.ca
interac-uat.manulifebank.ca
manulife.com
manulife.com
www-aem-stage.manulife.ca
manulife.com
manulife.com
manulife.com
mail-ds.manulife.ca
manulife.com
dev.jmeter.aks.manulife.ca
www.insurance.manulife.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
stage.manulifesecurities.manulife.ca
www-aem-dev.manulife.ca
manulife.com
portal.manulife.ca
manulife.com
manulife.com
uat.advisor.manulife.ca

Certificate

The complete raw certificate details for www-aem-dev1.manulife.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIILRDCCCiygAwIBAgIQf9yB8z3kcaH3BYnxCgkbYTANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTIyMDMwMjAwMDAwMFoXDTIzMDMwMjIzNTk1OVowejELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xGzAZBgNVBAoTEk1hbnVsaWZlIEZpbmFu
Y2lhbDEZMBcGA1UECxMQQ2FuYWRpYW4gU2VnbWVudDEhMB8GA1UEAxMYd3d3LWFl
bS1kZXYxLm1hbnVsaWZlLmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2yuH+GnRQmWYGcZKdbSUQZNR4zkT1mLDNzSAz+sHdmKj9npxGYq6NtCysiR3
3izqgPBs1F8jupKHKRMKX7iMNjk35cKrCyWidT7lx5xkeCtUylsVvzbwo266BAI3
iOTGnsSeELVw4Xi0LwbLCAHLi0lkZaMeLqvM9klbp8GLRqMXZGMqKPGUu6Y1z7iQ
fiih1BivTMy4xUy4AU/1HjiPrS5KB+LiJ8tMAfl6jzUAAYydtlwzKQSmwMoxOM18
YRNfvGWWc91IExW3TWzDw3Szfh/SMVrffaQMnqHq8DSip9dtD3sQxN1F/XZ4qfy7
vEFey2bpch/legXd8InNbBZfKwIDAQABo4IHqDCCB6QwHwYDVR0jBBgwFoAUF9nW
JSdn+THCSUPZMDZEjGypT+swHQYDVR0OBBYEFLDhx/pcHctkCy1eLAaWqYOZ4r2N
MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjBKBgNVHSAEQzBBMDUGDCsGAQQBsjEBAgEDBDAlMCMGCCsG
AQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgIwWgYDVR0f
BFMwUTBPoE2gS4ZJaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3Jn
YW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBigYIKwYBBQUH
AQEEfjB8MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3Rp
Z29SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMG
CCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTCCAX0GCisGAQQB1nkC
BAIEggFtBIIBaQFnAHYArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooA
AAF/SxNcogAABAMARzBFAiA5ALdhNAbbmThc3eNGHghnH3EsFRjarRDhhNQ/w8qL
XQIhAISePlerm7ZQYGK5u9v8Zz+KMbmm2iwama3DSXX3H0V8AHUAejKMVNi3LbYg
6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAF/SxNcUwAABAMARjBEAiAhQmUC7x/P
57QtK/Enr5jK1z+aTNg6FzXO7iFIBpS7WAIgRbOoBjeMcsiPvW44dHvXg86Ahsmq
eO+7rgCt+VuXXb8AdgDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAA
AX9LE1wsAAAEAwBHMEUCIB7WH6Zpbtgr8Ax4RW2Z1AlVqDUqW6LlS44zU8Uqvdam
AiEA9UnQvQEBrv3rCo1RDrt1C5JczpXJJ+eg1xh86IcDG3swggRtBgNVHREEggRk
MIIEYIIYd3d3LWFlbS1kZXYxLm1hbnVsaWZlLmNhghthdXRob3ItYWVtLWRldjEu
bWFudWxpZmUuY2GCIXd3dy1hZW0tZGV2MS5hZmZpbml0eS5tYW51bGlmZS5jYYIg
d3d3LWFlbS1kZXYxLmFmZmluaXR5Lm1hbnV2aWUuY2GCIXd3dy1hZW0tZGV2MS5h
c3N1cmFuY2UtbWFudXZpZS5jYYIdd3d3LWFlbS1kZXYxLmJhbmsubWFudWxpZmUu
Y2GCHHd3dy1hZW0tZGV2MS5iYW5rLm1hbnV2aWUuY2GCHnd3dy1hZW0tZGV2MS5j
bXRjcC5tYW51bGlmZS5jYYIdd3d3LWFlbS1kZXYxLmNtdGNwLm1hbnV2aWUuY2GC
IHd3dy1hZW0tZGV2MS5jb3Zlcm1lLm1hbnVsaWZlLmNhgh93d3ctYWVtLWRldjEu
Y292ZXJtZS5tYW51dmllLmNhgh13d3ctYWVtLWRldjEuY3Bhby5tYW51bGlmZS5j
YYIcd3d3LWFlbS1kZXYxLmNwYW8ubWFudXZpZS5jYYIid3d3LWFlbS1kZXYxLmRl
dmVsb3Blci5tYW51bGlmZS5jYYIhd3d3LWFlbS1kZXYxLmRldmVsb3Blci5tYW51
dmllLmNhgiZ3d3ctYWVtLWRldjEuZ3JvdXBiZW5lZml0cy5tYW51bGlmZS5jYYIh
d3d3LWFlbS1kZXYxLmhlYWRsZXNzLm1hbnVsaWZlLmNhgh13d3ctYWVtLWRldjEu
aW5mby5tYW51bGlmZS5jYYIcd3d3LWFlbS1kZXYxLmluZm8ubWFudXZpZS5jYYIk
d3d3LWFlbS1kZXYxLm1hbnVsaWZlLWdyb3VwLXBsYW5zLmNhgiJ3d3ctYWVtLWRl
djEubWFudWxpZmUtaW5zdXJhbmNlLmNhgix3d3ctYWVtLWRldjEubWFudWxpZmUt
c2VjdXJpdGllcy5tYW51bGlmZS5jYYIrd3d3LWFlbS1kZXYxLm1hbnVsaWZlLXNl
Y3VyaXRpZXMubWFudXZpZS5jYYIXd3d3LWFlbS1kZXYxLm1hbnV2aWUuY2GCJHd3
dy1hZW0tZGV2MS5vZmZlcnMuYmFuay5tYW51bGlmZS5jYYIjd3d3LWFlbS1kZXYx
Lm9mZnJlcy5iYW5rLm1hbnV2aWUuY2GCKnd3dy1hZW0tZGV2MS5yZWdpbWVzLWNv
bGxlY3RpZnMtbWFudXZpZS5jYYIbd3d3LWFlbS1kZXYxLnJyLm1hbnVsaWZlLmNh
ghp3d3ctYWVtLWRldjEucnIubWFudXZpZS5jYYIfd3d3LWFlbS1kZXYxLnRyYXZl
bC5tYW51bGlmZS5jYYIed3d3LWFlbS1kZXYxLnRyYXZlbC5tYW51dmllLmNhgiJ3
d3ctYWVtLWRldjEudHJhdmVsYjJiLm1hbnVsaWZlLmNhgiF3d3ctYWVtLWRldjEu
dHJhdmVsYjJiLm1hbnV2aWUuY2EwDQYJKoZIhvcNAQELBQADggEBAExPpdjDgyfs
+RZpVajFLZGnhInY47KWEWZgfmqEqyHBLjjrUuQquDUjCJjXmGSU64QWaIBHHAuE
FczFrn9mLByuj1v9ARglZVF9n/x7GGeRQZQP8XytwI8+5hAmne++NegVYq84CIzz
PJDA9cYj/Ix9A6DnAjHB5Carse4+GW68n16/KH5wOsx8GY9CGwnk01QVwsLRFDCC
ytQBVt8NC73W8lQfcJAlzuO9tOigK0YlfjffA6FlLh0gJ1/mdj8Xjne5hr9Mox8u
3SABez75bs3rj+2CJzcsZFzz54aksOeOL2oCI+NFIErbSSiNcag+g7irWOMz/+GD
L6B94rPaowA=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yuH+GnRQmWYGcZKdbSU
QZNR4zkT1mLDNzSAz+sHdmKj9npxGYq6NtCysiR33izqgPBs1F8jupKHKRMKX7iM
Njk35cKrCyWidT7lx5xkeCtUylsVvzbwo266BAI3iOTGnsSeELVw4Xi0LwbLCAHL
i0lkZaMeLqvM9klbp8GLRqMXZGMqKPGUu6Y1z7iQfiih1BivTMy4xUy4AU/1HjiP
rS5KB+LiJ8tMAfl6jzUAAYydtlwzKQSmwMoxOM18YRNfvGWWc91IExW3TWzDw3Sz
fh/SMVrffaQMnqHq8DSip9dtD3sQxN1F/XZ4qfy7vEFey2bpch/legXd8InNbBZf
KwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 169956896475999097269891259826419866465
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-03-02 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-03-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Canadian Segment'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www-aem-dev1.manulife.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27667654789907915868578823552436281895290981967743302470390081940206952042996867529282625584048812866582233008128850663361141519055252434322704648856972480289339888604914450663768782428802039711635307920326777781380878652622388863218871943491776344121353965393267713783663410328002898144004560189535341481936350663029279364233968587052793639712569815326439045146574426463471369657422418888729469736757199862689350125968607746824850119445668243993000169443675953318888572453521342383272393443696477704985032264338444522323718977793873663852302956457667374909738505393917106399395640423720924002875950330687208864243499
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b0e1c7fa5c1dcb640b2d5e2c0696a98399e2bd8d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a0000017f4b135ca2000004030047304502203900b7613406db99385cdde3461e08671f712c1518daad10e184d43fc3ca8b5d022100849e3e57ab9bb6506062b9bbdbfc673f8a31b9a6da2c1a99adc34975f71f457c0075007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb520000017f4b135c530000040300463044022021426502ef1fcfe7b42d2bf127af98cad73f9a4cd83a1735ceee21480694bb58022045b3a806378c72c88fbd6e38747bd783ce8086c9aa78efbbae00adf95b975dbf007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000017f4b135c2c000004030047304502201ed61fa6696ed82bf00c78456d99d40955a8352a5ba2e54b8e3353c52abdd6a6022100f549d0bd0101aefdeb0a8d510ebb750b925cce95c927e7a0d7187ce887031b7b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1124 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-aem-dev1.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.affinity.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.affinity.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.assurance-manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.bank.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.bank.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.cmtcp.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.cmtcp.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.coverme.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.coverme.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.cpao.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.cpao.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.developer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.developer.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.groupbenefits.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.headless.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.info.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.info.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.manulife-group-plans.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.manulife-insurance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.manulife-securities.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.manulife-securities.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.offers.bank.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.offres.bank.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.regimes-collectifs-manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.rr.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.rr.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.travel.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.travel.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.travelb2b.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev1.travelb2b.manuvie.ca'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004c4fa5d8c38327ecf9166955a8c52d91a78489d8e3b2961166607e6a84ab21c12e38eb52e42ab835230898d7986494eb84166880471c0b8415ccc5ae7f662c1cae8f5bfd01182565517d9ffc7b18679141940ff17cadc08f3ee610269defbe35e81562af38088cf33c90c0f5c623fc8c7d03a0e70231c1e426abb1ee3e196ebc9f5ebf287e703acc7c198f421b09e4d35415c2c2d1143082cad40156df0d0bbdd6f2541f709025cee3bdb4e8a02b46257e37df03a1652e1d20275fe6763f178e77b986bf4ca31f2edd20017b3ef96ecdeb8fed8227372c645cf3e786a4b0e78e2f6a0223e345204adb49288d71a83e83b8ab58e333ffe1832fa07de2b3daa300