azaphnerpt01a1.mfcgd.com

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 6c:2e:96:63:73:99:32:c8:38:13:4b:74:d4:06:08:11 was issued on by Sectigo Limited.

With 12 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
Organization unit: John Hancock US Division
Organization unit: Multi-Domain SSL
Address: 601 Congress Street
Postal code: 02210
State / Province: Massachusetts
Locality: Boston
Country: US

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 6c:2e:96:63:73:99:32:c8:38:13:4b:74:d4:06:08:11
Serial Number (int): 143798519441068134598825914837043120145
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 71:67:3e:00:64:25:6b:cb:c2:89:35:ec:9a:cc:d3:88:3d:00:6c:85
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): cd:8a:62:e8:f9:e8:c5:c5:10:e4:d9:67:55:e5:a4:c5:92:5c:07:ad
Fingerprint (sha256): 08:46:a6:e1:cd:dd:e4:7a:35:f4:b3:8e:94:ef:b9:43:84:5c:b0:19:83:30:6f:6b:03:fb:41:11:e1:98:92:72

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate azaphnerpt01a1.mfcgd.com

12

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for azaphnerpt01a1.mfcgd.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

azaphnerpt01a1.mfcgd.com
inside1.mod.manulifeusa.com
mstrtst.rps.jhancock.com
mstrtsteai.rps.jhancock.com
mstruat.rps.jhancock.com
mstruateai.rps.jhancock.com
outside1.mod.manulifeusa.com
preview.qa64.onejohnhancock.com
qa4.johnhancockaspire.com
qa64.jhaspire.com
qa64.onejohnhancock.com
test.jhaspire.com

Other certificates including the domain name mfcgd.com

(limited to 100 certificates)
insidejhaprd.mfcgd.com
nasbfepool02.mfcgd.com
stage.identity.jhancock.com
cws.manulife.com.kh
azuwvgisrpaad01.mfcgd.com
uat.igpclaimreporting.jhancock.com
qa.johnhancock.com
daily.manulife.com.vn
sts.manulife.com
azclvgisarlp06.mfcgd.com
spgbgwiz-dev.mfc.com
azlapnedlbig01.mfcgd.com
asiacitrix.manulife.com
stg.johnhancock.com
www.jhfixedproducts.com
azcwvgfnvarpidu.mfcgd.com
cconprem.manulife.com
insanalyticsdev01.manulife.com
awsuat.manulife.com.kh
azclvgisarcp01.mfcgd.com
chefserversandbox.platform.manulife.io
insidejhaprd.mfcgd.com
nasbaccess01.manulife.com
azclvgisarlp02.mfcgd.com
azclvgisarlp03.mfcgd.com
azuwvgisrpaad01.mfcgd.com
jhinsuranceanalytics.com
azulvjhihttpp02.mfcgd.com
azwapnwasm01.mfcgd.com
vault.prod.cae.platform.manulife.io
azcedledged006.mfcgd.com
beacon.prd.manulifeusa.com
cws.manulife.com.kh
azwapninsshsd02.mfcgd.com
lifeproservice-dev.jhancock.com
brave.prd.manulifeusa.com
azaphnerpt01a1.mfcgd.com
azactx.manulife.com
azcwvgaasqld01.mfcgd.com
apsbaccess01.manulife.com
insuranceanalytics.manulife.com
testcert1.test-qa.net
azawvcaopbiap01.mfcgd.com
vault.sandbox.cae.platform.manulife.io
qms.manulife.com.sg
azcedlwrkd014.mfcgd.com
alfrescodev.manulife.co.id
testcert1.test-qa.net
azulvbdssast01.mfcgd.com
vault.sandbox.usc.platform.manulife.io
azuwvjhimfrd01.mfcgd.com
azwapnwasm01.mfcgd.com
testcert1.test-qa.net
ajawvgisvrcdp01.mfcgd.com
jhshsm.johnhancock.com
jhinsuranceanalytics.com
azlaprnavgovr01.mfcgd.com
azwapnwasm01.mfcgd.com
stg.johnhancock.com
azuwvjhioptd01-saml.mfcgd.com
jhaconnect.jhannuities.com
welcome.manulife.com.ph
qmsdev.manulife.com.sg
cms.video.mfc.com
jhshsm.johnhancock.com
azuwvjhimfrr01.mfcgd.com
azclvgisarlp01.mfcgd.com
azuwvjhimfrr01.mfcgd.com
azcedlnifid001.mfcgd.com
apsbfepool02.mfcgd.com
azwapnstarbase3.mfcgd.com
vault.sandbox.cac.platform.manulife.io
azaapnerpm01.mfcgd.com
azaphnerpt01a1.mfcgd.com
azuwvjhibeas01.mfcgd.com
daily.manulife.com.vn
azwudejhc01.mfcgd.com
azulvadvgrpp05.mfcgd.com
apsbepool02.mfcgd.com
azulvlifemdmp03.mfcgd.com
vault.sandbox.cac.platform.manulife.io
aws.manulife.com.kh
azclvgisarlp04.mfcgd.com
www.jhfixedproducts.com
azwappetscvcs1.mfcgd.com
testcert1.test-qa.net
azwapnstarbase4.mfcgd.com
www.jhfixedproducts.com
azclvgisarlp01.mfcgd.com
azcedlwrkd001-099.mfcgd.com
azcedlwrk001-099.mfcgd.com
azwapnstarbase3.mfcgd.com
azwappetsscms01.mfcgd.com
stage.partnerlink.jhancock.com
azulvjhiwmqr01.mfcgd.com
vault.prod.sea.platform.manulife.io
azuwvjhioptt01.mfcgd.com
azaapnerpm01.mfcgd.com
alfrescodev.manulife.co.id
azaapnerpm02a4.mfcgd.com

Certificate

The complete raw certificate details for azaphnerpt01a1.mfcgd.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIjDCCB3SgAwIBAgIQbC6WY3OZMsg4E0t01AYIETANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTE5MTExOTAwMDAwMFoXDTIxMTExODIzNTk1OVowgeIxCzAJBgNV
BAYTAlVTMQ4wDAYDVQQREwUwMjIxMDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEP
MA0GA1UEBxMGQm9zdG9uMRwwGgYDVQQJExM2MDEgQ29uZ3Jlc3MgU3RyZWV0MRsw
GQYDVQQKExJNYW51bGlmZSBGaW5hbmNpYWwxITAfBgNVBAsTGEpvaG4gSGFuY29j
ayBVUyBEaXZpc2lvbjEZMBcGA1UECxMQTXVsdGktRG9tYWluIFNTTDEhMB8GA1UE
AxMYYXphcGhuZXJwdDAxYTEubWZjZ2QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwKouHIs3bPtE0IW6yX3u9nc8T5Azzm5YBrwKAtFeI7Hn/Gzw
aK8K/9VS9sJCr1eQD8Q3w4/5H/WnEhcqWW/sGVY+xOPnxaMe6FHUovqarbWvOaLy
p3b+dWWrccSgWXS5gwQvZ02b6R+L9xtBF0djt/fFu4Bk9c4FKi0LlglxiJF1VkVn
oX0+fZoE5MKFs16yAn/h5Z/WjY8ePiQPyND+c7EUHS6xGe+X28nUmhFLISc7rXPg
mU/VANS0kExIZpTiFHg6yY80HRELh1Tvw3pr/59K2RcAsyonkQ7tHRqXs7nC496U
n0/vYpmtTAarG80mJbANNj0r+M825yB/4Y70LQIDAQABo4IEhzCCBIMwHwYDVR0j
BBgwFoAUF9nWJSdn+THCSUPZMDZEjGypT+swHQYDVR0OBBYEFHFnPgBkJWvLwok1
7JrM04g9AGyFMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBBMDUGDCsGAQQBsjEBAgED
BDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwB
AgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0
aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCB
igYIKwYBBQUHAQEEfjB8MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LnNlY3RpZ28u
Y29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVy
Q0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTCCAUsG
A1UdEQSCAUIwggE+ghhhemFwaG5lcnB0MDFhMS5tZmNnZC5jb22CG2luc2lkZTEu
bW9kLm1hbnVsaWZldXNhLmNvbYIYbXN0cnRzdC5ycHMuamhhbmNvY2suY29tghtt
c3RydHN0ZWFpLnJwcy5qaGFuY29jay5jb22CGG1zdHJ1YXQucnBzLmpoYW5jb2Nr
LmNvbYIbbXN0cnVhdGVhaS5ycHMuamhhbmNvY2suY29tghxvdXRzaWRlMS5tb2Qu
bWFudWxpZmV1c2EuY29tgh9wcmV2aWV3LnFhNjQub25lam9obmhhbmNvY2suY29t
ghlxYTQuam9obmhhbmNvY2thc3BpcmUuY29tghFxYTY0LmpoYXNwaXJlLmNvbYIX
cWE2NC5vbmVqb2huaGFuY29jay5jb22CEXRlc3Quamhhc3BpcmUuY29tMIIBfgYK
KwYBBAHWeQIEAgSCAW4EggFqAWgAdgB9PvL4j/+IVWgkwsDKnlKJeSvFDngJfy5q
l2iZfiLw1wAAAW6F+7eXAAAEAwBHMEUCIQC78RlXcpJlW815XJeCbMujMzOTFWmU
aup153ofli7XPgIgPnyzqu5Y6IcCdJsmcYAMEzFRK6mRZPfo+NslPVTQ/kgAdwBE
lGUusO7Or8RAB9io/ijA2uaCvtjLMbU/0zOWtbaBqAAAAW6F+7eDAAAEAwBIMEYC
IQDt3eeHxvb/6ZQLomTDTkwq8NH2dUEpojT7LTtZet9FxgIhANVRpmarOb8iKsgV
kSMjaWcyiRRHQdI7nBS853w9x5dvAHUAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQAp
Bo2yCJo32RMAAAFuhfu3hAAABAMARjBEAiACmhFJFbQjtOGvtq/Yn3XvXj27VJab
1ZY6eJw4d9cBLwIgUHwhzWeFGYPM3qWled53fFO/dHukkHQmlNCAt0abl9UwDQYJ
KoZIhvcNAQELBQADggEBAJhUR5aEtX5TMouxXQh+KQD/07GWxyA8op6IgjgewRGg
S9p59g5GNkCgZYKyoS9RBeWcJcdC+VfSXnfRRsqyf5G3Y+CvL1VpB/dq25zBKgdY
UuWaoZkpINwVKDOztvdr/GWJ8LVrVobuSEdyyu57zZxSJMblh4gqq6oZqpToJMvh
Ckclb8XO+Q4WmJJFF/kZoEiwu+dwEEFwLNDJQtsG+zOiKiu8m2qMMjVntdkugXZy
5vflrJwM0EuJn2k7TFLAU7l2pM0op+7DFcHmx3UssfW0zv5BTXN0sUhynsHwBKae
UbsL6yz36uOUkLecus78boNrZCx90o7C+ppiNsrrHmA=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKouHIs3bPtE0IW6yX3u
9nc8T5Azzm5YBrwKAtFeI7Hn/GzwaK8K/9VS9sJCr1eQD8Q3w4/5H/WnEhcqWW/s
GVY+xOPnxaMe6FHUovqarbWvOaLyp3b+dWWrccSgWXS5gwQvZ02b6R+L9xtBF0dj
t/fFu4Bk9c4FKi0LlglxiJF1VkVnoX0+fZoE5MKFs16yAn/h5Z/WjY8ePiQPyND+
c7EUHS6xGe+X28nUmhFLISc7rXPgmU/VANS0kExIZpTiFHg6yY80HRELh1Tvw3pr
/59K2RcAsyonkQ7tHRqXs7nC496Un0/vYpmtTAarG80mJbANNj0r+M825yB/4Y70
LQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 143798519441068134598825914837043120145
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-11-19 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-11-18 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '02210'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Massachusetts'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Boston'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '601 Congress Street'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'John Hancock US Division'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Multi-Domain SSL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'azaphnerpt01a1.mfcgd.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24321673499858237621817764716256663613055606537926200929783405829294216026154170129308460734380216746974701044115523502457170610157854053215499806141422793316325569497021383932530523742979445181176417137601892563708974664570196226032889986421317576960261939634591949727577035848750235334291283319741627537967596058888281084329756094041206831013866736510724871434513236945082514052325481710086390239224586168118594037786536646732120538879555337614954751925185649663815636532847716428223454246851351505277769637124966945264104942994270369293611070888182291517261742439275239410551872017534026718190056286138432519861293
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							71673e0064256bcbc28935ec9accd3883d006c85
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (322 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'azaphnerpt01a1.mfcgd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'inside1.mod.manulifeusa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstrtst.rps.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstrtsteai.rps.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstruat.rps.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mstruateai.rps.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'outside1.mod.manulifeusa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preview.qa64.onejohnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa4.johnhancockaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa64.jhaspire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa64.onejohnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhaspire.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076007d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d70000016e85fbb7970000040300473045022100bbf119577292655bcd795c97826ccba33333931569946aea75e77a1f962ed73e02203e7cb3aaee58e88702749b2671800c1331512ba99164f7e8f8db253d54d0fe480077004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016e85fbb7830000040300483046022100eddde787c6f6ffe9940ba264c34e4c2af0d1f6754129a234fb2d3b597adf45c6022100d551a666ab39bf222ac81591232369673289144741d23b9c14bce77c3dc7976f0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016e85fbb78400000403004630440220029a114915b423b4e1afb6afd89f75ef5e3dbb54969bd5963a789c3877d7012f0220507c21cd67851983ccdea5a579de777c53bf747ba490742694d080b7469b97d5
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009854479684b57e53328bb15d087e2900ffd3b196c7203ca29e8882381ec111a04bda79f60e463640a06582b2a12f5105e59c25c742f957d25e77d146cab27f91b763e0af2f556907f76adb9cc12a075852e59aa1992920dc152833b3b6f76bfc6589f0b56b5686ee484772caee7bcd9c5224c6e587882aabaa19aa94e824cbe10a47256fc5cef90e1698924517f919a048b0bbe7701041702cd0c942db06fb33a22a2bbc9b6a8c323567b5d92e817672e6f7e5ac9c0cd04b899f693b4c52c053b976a4cd28a7eec315c1e6c7752cb1f5b4cefe414d7374b148729ec1f004a69e51bb0beb2cf7eae39490b79cbacefc6e836b642c7dd28ec2fa9a6236caeb1e60