www-aem-dev2.manulife.ca

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number c8:ca:c5:55:a8:0a:17:2a:50:15:19:35:aa:8c:c7:d0 was issued on by Sectigo Limited.

With 35 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
Organization unit: Canadian Segment
State / Province: Ontario
Locality: Toronto
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): c8:ca:c5:55:a8:0a:17:2a:50:15:19:35:aa:8c:c7:d0
Serial Number (int): 266898445543498623156411806525292333008
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 95:e3:39:b9:2b:4a:d6:22:58:5c:60:9f:ab:cf:b1:10:04:86:9c:6c
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 13:37:0f:d9:f6:32:41:a4:5e:39:38:54:6e:1d:dc:85:b6:93:70:95
Fingerprint (sha256): 02:2a:42:f8:56:85:1f:b7:78:0d:14:66:1d:10:46:fa:17:80:0b:3a:17:46:85:56:ac:70:51:08:85:bd:af:71

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate www-aem-dev2.manulife.ca

35

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www-aem-dev2.manulife.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www-aem-dev2.manulife.ca
author-aem-dev2.manulife.ca
www-aem-dev2.affinity.manulife.ca
www-aem-dev2.affinity.manuvie.ca
www-aem-dev2.assurance-manuvie.ca
www-aem-dev2.bank.manulife.ca
www-aem-dev2.bank.manuvie.ca
www-aem-dev2.cmtcp.manulife.ca
www-aem-dev2.cmtcp.manuvie.ca
www-aem-dev2.coverme.manulife.ca
www-aem-dev2.coverme.manuvie.ca
www-aem-dev2.cpao.manulife.ca
www-aem-dev2.cpao.manuvie.ca
www-aem-dev2.developer.manulife.ca
www-aem-dev2.developer.manuvie.ca
www-aem-dev2.groupbenefits.manulife.ca
www-aem-dev2.headless.manulife.ca
www-aem-dev2.info.manulife.ca
www-aem-dev2.info.manuvie.ca
www-aem-dev2.legacy.manulife.ca
www-aem-dev2.legacy.manuvie.ca
www-aem-dev2.manulife-group-plans.ca
www-aem-dev2.manulife-insurance.ca
www-aem-dev2.manulife-securities.manulife.ca
www-aem-dev2.manulife-securities.manuvie.ca
www-aem-dev2.manuvie.ca
www-aem-dev2.offers.bank.manulife.ca
www-aem-dev2.offres.bank.manuvie.ca
www-aem-dev2.regimes-collectifs-manuvie.ca
www-aem-dev2.rr.manulife.ca
www-aem-dev2.rr.manuvie.ca
www-aem-dev2.travel.manulife.ca
www-aem-dev2.travel.manuvie.ca
www-aem-dev2.travelb2b.manulife.ca
www-aem-dev2.travelb2b.manuvie.ca

Other certificates including the domain name manulife.ca

(limited to 100 certificates)
manulife.com
www-aem-qa2.manulife.ca
client.manulifebank.com
manulife.com
manulife.com
content-txn-uat.manulife.ca
www-aem-dev1.manulife.ca
www-aem-dev2.manulife.ca
www-aem-qa.manulife.ca
www-aem-prod.manulife.ca
manulife.com
manulife.com
uat.manulifesecurities.manulife.ca
manulife.com
manulife.com
origin-api.manulifesecurities.manulife.ca
devintegrator.gbi.manulife.ca
manulife.com
manulife.com
manulife.com
cdn.dev.manulife.ca
www-aem-dev1.manulife.ca
manulife.com
mfti-app.np.aks.manulife.ca
preprod.mtls.api.manulife.com
preview.id.manulife.ca
jira-t1.manulife.ca
manulife.com
manulife.com
dev.portal.manulife.ca
advisor.manulife.ca
qa.manulifesecurities.manulife.ca
edge.prod-ext.api.manulife.com
www-aem-prod.manulife.ca
www-aem-dev2.manulife.ca
manulife.com
uat.statements.manulifebank.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
artifactory-test.manulife.ca
manulife.com
hf.integrator.gbi.manulife.ca
manulife.com
content-txn-dev.manulife.ca
retirement.manulife.ca
saml-advisors.preview.manulife.ca
interac-uat.manulifebank.ca
manulife.com
content-txn-prd.manulife.ca
manulife.com
manulife.com
integrator.gbi.manulife.ca
manulife.com
sf-service-medallia-dev.manulife.ca
manulife.com
manulife.com
www-aem-dev.manulife.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
nonprod.vitalityservice.manulife.ca
tripx-graphql.dev.aks.manulife.ca
manulife.com
snowbound-viewer-prd.manulife.ca
manulife.com
dev.policyservice.manulife.ca
manulife.com
www-aem-qa.manulife.ca
content-txn-dev.manulife.ca
edge.prod-ext.api.manulife.com
hf.gbi.manulife.ca
interac-uat.manulifebank.ca
manulife.com
manulife.com
www-aem-stage.manulife.ca
manulife.com
manulife.com
manulife.com
mail-ds.manulife.ca
manulife.com
dev.jmeter.aks.manulife.ca
www.insurance.manulife.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
stage.manulifesecurities.manulife.ca
www-aem-dev.manulife.ca
manulife.com
portal.manulife.ca
manulife.com
manulife.com
uat.advisor.manulife.ca

Certificate

The complete raw certificate details for www-aem-dev2.manulife.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKLTCCCRWgAwIBAgIRAMjKxVWoChcqUBUZNaqMx9AwDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE
AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yMTAzMDgwMDAwMDBaFw0yMjAzMDgyMzU5NTlaMIGMMQswCQYD
VQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzEbMBkG
A1UEChMSTWFudWxpZmUgRmluYW5jaWFsMRkwFwYDVQQLExBDYW5hZGlhbiBTZWdt
ZW50MSEwHwYDVQQDExh3d3ctYWVtLWRldjIubWFudWxpZmUuY2EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8nAXfwYR+DhwXrAs8TEsxFtWo+GPZGked
/TdeKwGpqVevjG/H2xRzP8AZBGQZRHgup4KaNXfHX37SI1IljhWQBNv05kEyocQb
YHZGc5Wx0y/YnPix1fB7snvHnQamcSJyJWQxvgFLp7ZZSuaOgLWAY+ilKXnFfxsm
UW1HH8vjXd7/7J+Tgf8/38yOx5yC30DrqfXMEtBs0PxR7DjG4SgOzo/rfsQ9S1Qi
X8j9d8RsW5ejGmPWE0W7aVTGNf0+hnRELlbMD2rsN2jhUdlnundHdiMeUM9pTvsR
wzODMN0rBJLa9uiESS7taIg4u2n99Os/S6oHotFvPhgZMYaE+dSXAgMBAAGjggZ9
MIIGeTAfBgNVHSMEGDAWgBQX2dYlJ2f5McJJQ9kwNkSMbKlP6zAdBgNVHQ4EFgQU
leM5uStK1iJYXGCfq8+xEASGnGwwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEoGA1UdIARDMEEwNQYM
KwYBBAGyMQECAQMEMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20v
Q1BTMAgGBmeBDAECAjBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLnNlY3Rp
Z28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2Vy
dmVyQ0EuY3JsMIGKBggrBgEFBQcBAQR+MHwwVQYIKwYBBQUHMAKGSWh0dHA6Ly9j
cnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25T
ZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3Rp
Z28uY29tMBMGCisGAQQB1nkCBAMBAf8EAgUAMIIErgYDVR0RBIIEpTCCBKGCGHd3
dy1hZW0tZGV2Mi5tYW51bGlmZS5jYYIbYXV0aG9yLWFlbS1kZXYyLm1hbnVsaWZl
LmNhgiF3d3ctYWVtLWRldjIuYWZmaW5pdHkubWFudWxpZmUuY2GCIHd3dy1hZW0t
ZGV2Mi5hZmZpbml0eS5tYW51dmllLmNhgiF3d3ctYWVtLWRldjIuYXNzdXJhbmNl
LW1hbnV2aWUuY2GCHXd3dy1hZW0tZGV2Mi5iYW5rLm1hbnVsaWZlLmNhghx3d3ct
YWVtLWRldjIuYmFuay5tYW51dmllLmNhgh53d3ctYWVtLWRldjIuY210Y3AubWFu
dWxpZmUuY2GCHXd3dy1hZW0tZGV2Mi5jbXRjcC5tYW51dmllLmNhgiB3d3ctYWVt
LWRldjIuY292ZXJtZS5tYW51bGlmZS5jYYIfd3d3LWFlbS1kZXYyLmNvdmVybWUu
bWFudXZpZS5jYYIdd3d3LWFlbS1kZXYyLmNwYW8ubWFudWxpZmUuY2GCHHd3dy1h
ZW0tZGV2Mi5jcGFvLm1hbnV2aWUuY2GCInd3dy1hZW0tZGV2Mi5kZXZlbG9wZXIu
bWFudWxpZmUuY2GCIXd3dy1hZW0tZGV2Mi5kZXZlbG9wZXIubWFudXZpZS5jYYIm
d3d3LWFlbS1kZXYyLmdyb3VwYmVuZWZpdHMubWFudWxpZmUuY2GCIXd3dy1hZW0t
ZGV2Mi5oZWFkbGVzcy5tYW51bGlmZS5jYYIdd3d3LWFlbS1kZXYyLmluZm8ubWFu
dWxpZmUuY2GCHHd3dy1hZW0tZGV2Mi5pbmZvLm1hbnV2aWUuY2GCH3d3dy1hZW0t
ZGV2Mi5sZWdhY3kubWFudWxpZmUuY2GCHnd3dy1hZW0tZGV2Mi5sZWdhY3kubWFu
dXZpZS5jYYIkd3d3LWFlbS1kZXYyLm1hbnVsaWZlLWdyb3VwLXBsYW5zLmNhgiJ3
d3ctYWVtLWRldjIubWFudWxpZmUtaW5zdXJhbmNlLmNhgix3d3ctYWVtLWRldjIu
bWFudWxpZmUtc2VjdXJpdGllcy5tYW51bGlmZS5jYYIrd3d3LWFlbS1kZXYyLm1h
bnVsaWZlLXNlY3VyaXRpZXMubWFudXZpZS5jYYIXd3d3LWFlbS1kZXYyLm1hbnV2
aWUuY2GCJHd3dy1hZW0tZGV2Mi5vZmZlcnMuYmFuay5tYW51bGlmZS5jYYIjd3d3
LWFlbS1kZXYyLm9mZnJlcy5iYW5rLm1hbnV2aWUuY2GCKnd3dy1hZW0tZGV2Mi5y
ZWdpbWVzLWNvbGxlY3RpZnMtbWFudXZpZS5jYYIbd3d3LWFlbS1kZXYyLnJyLm1h
bnVsaWZlLmNhghp3d3ctYWVtLWRldjIucnIubWFudXZpZS5jYYIfd3d3LWFlbS1k
ZXYyLnRyYXZlbC5tYW51bGlmZS5jYYIed3d3LWFlbS1kZXYyLnRyYXZlbC5tYW51
dmllLmNhgiJ3d3ctYWVtLWRldjIudHJhdmVsYjJiLm1hbnVsaWZlLmNhgiF3d3ct
YWVtLWRldjIudHJhdmVsYjJiLm1hbnV2aWUuY2EwDQYJKoZIhvcNAQELBQADggEB
ADivOsyK0Z+irrHQOopRfuXMaCFGpOeQi28/geu/6XkxvsWqacZ2w519q1l2tZIl
0BEs+3bShln8yDS51xGg7qyj+f7o7hEJGR2NfYdiBaPg7zeHmWpD3ETOSQCHYF+5
XfYlINzfNFcnKjN7x9YW6u++aqa5kXYtR35EqbXcLZ2X1foUL52jXNK1rDUmObcV
UWvm3CtVsS7NE5wrgQc58NIVuBuLZboymTV6jiDbPm+McvWsYXca7TqFNsIPvcQI
hgcYpymwmXNqrgQhaXfSjuBlAC8ekl1/WUw0LqaV1zc+aJ+a/tdAaJpREL8O9bT2
i3dfRecbZ6x8ZQRcmbfwl6Q=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJwF38GEfg4cF6wLPExL
MRbVqPhj2RpHnf03XisBqalXr4xvx9sUcz/AGQRkGUR4LqeCmjV3x19+0iNSJY4V
kATb9OZBMqHEG2B2RnOVsdMv2Jz4sdXwe7J7x50GpnEiciVkMb4BS6e2WUrmjoC1
gGPopSl5xX8bJlFtRx/L413e/+yfk4H/P9/Mjsecgt9A66n1zBLQbND8Uew4xuEo
Ds6P637EPUtUIl/I/XfEbFuXoxpj1hNFu2lUxjX9PoZ0RC5WzA9q7Ddo4VHZZ7p3
R3YjHlDPaU77EcMzgzDdKwSS2vbohEku7WiIOLtp/fTrP0uqB6LRbz4YGTGGhPnU
lwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 266898445543498623156411806525292333008
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-03-08 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Toronto'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Canadian Segment'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www-aem-dev2.manulife.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23809739115552763755752323302646211226496803688615931912125726858454950222284716846599088816085722385505233904704806023057041280153508674770565558360874118468478102915054573018809708500667908830496549061037247477378763011652375399039448158226029588806273513907248956022348545406936602905597681248477254433418364581655841370209523075131009623284113567134222514067351224125431125187110563805580608111365821637459606833444042875050007517397742699554840114490501630743951336590589413205527228469758869002345358356788857049996613026548878849175446389451727771263347103568724889226713981505512963194809080019276478744745111
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							95e339b92b4ad622585c609fabcfb11004869c6c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1189 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-aem-dev2.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.affinity.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.affinity.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.assurance-manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.bank.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.bank.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.cmtcp.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.cmtcp.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.coverme.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.coverme.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.cpao.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.cpao.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.developer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.developer.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.groupbenefits.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.headless.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.info.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.info.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.legacy.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.legacy.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.manulife-group-plans.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.manulife-insurance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.manulife-securities.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.manulife-securities.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.offers.bank.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.offres.bank.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.regimes-collectifs-manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.rr.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.rr.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.travel.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.travel.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.travelb2b.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-dev2.travelb2b.manuvie.ca'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0038af3acc8ad19fa2aeb1d03a8a517ee5cc682146a4e7908b6f3f81ebbfe97931bec5aa69c676c39d7dab5976b59225d0112cfb76d28659fcc834b9d711a0eeaca3f9fee8ee1109191d8d7d876205a3e0ef3787996a43dc44ce490087605fb95df62520dcdf3457272a337bc7d616eaefbe6aa6b991762d477e44a9b5dc2d9d97d5fa142f9da35cd2b5ac352639b715516be6dc2b55b12ecd139c2b810739f0d215b81b8b65ba3299357a8e20db3e6f8c72f5ac61771aed3a8536c20fbdc408860718a729b099736aae04216977d28ee065002f1e925d7f594c342ea695d7373e689f9afed740689a5110bf0ef5b4f68b775f45e71b67ac7c65045c99b7f097a4