manulife.com

- Manulife Financial Corporation -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number e3:b0:3c:be:2d:8e:2f:96:3f:c1:41:ba:ac:25:f2:3b was issued on by Sectigo Limited.

With 60 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Manulife Financial Corporation

Organization: Manulife Financial Corporation
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): e3:b0:3c:be:2d:8e:2f:96:3f:c1:41:ba:ac:25:f2:3b
Serial Number (int): 302649831302303847253411286376092398139
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 75:b2:bc:95:12:db:6e:d5:fd:60:21:2a:e6:1d:c9:6d:13:a0:ff:62
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 58:9b:f4:c9:bf:fe:49:eb:40:4e:22:e3:46:86:1d:4e:d1:f2:b1:3d
Fingerprint (sha256): 0a:36:b5:01:b6:ca:0c:e3:34:1e:a7:0e:7f:c7:e4:85:96:9d:e6:0d:5e:bd:58:d5:39:45:1f:6f:21:1b:0f:5c

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate manulife.com

60

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for manulife.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

manulife.com
api.gb.manulife.com
asampuat.manulife.com
author-dev-ap.manulife.com
author-preprod-ap.manulife.com
author-sit-ap.manulife.com
author-stg-ap.manulife.com
dpcon.manulifesecurities.ca
dprc.manulifesecurities.ca
fasatexternal.manulife.ca
invite.manulifeghnw.com
jhapim-nonprod.dev.developer.manulife.com
jhapim-nonprod.dev.management.manulife.com
jhapim-nonprod.dev.portal.manulife.com
jhapim-nonprod.dev.scm.manulife.com
jhapim.dev.developer.manulife.com
jhapim.dev.management.manulife.com
jhapim.dev.portal.manulife.com
jhapim.dev.scm.manulife.com
manulife-wealth.ca
manulife-wealth.com
manulife-wealth.net
manulifeprivatewealth.com
manulifepromos.com
manulifewealth.ca
manulifewealth.com
manulifewealth.net
morningstar-api.jhinvestments.com
morningstar-us-api.jhinvestments.com
patrimoine-manuvie.ca
patrimoine-manuvie.com
patrimoine-manuvie.net
patrimoinemanuvie.ca
patrimoinemanuvie.net
portal-uat.manulife.com.vn
portal.manulife.com.vn
stage.invite.manulifeghnw.com
stg.manulifewealth.ca
test.invite.manulifeghnw.com
tokenize-ds-t1.manulife.com
tokenize-ds.manulife.com
uat.manulifetravel.ca
wsauth.manulife.com
wsauthdev.manulife.com
www-aem-prod.igp.manulife.ca
www-aem-stage.igp.manulife.ca
www-aem-stage.manulifetravel.manulife.ca
www.manulife-wealth.ca
www.manulife-wealth.com
www.manulife-wealth.net
www.manulifeprivatewealth.com
www.manulifepromos.com
www.manulifewealth.ca
www.manulifewealth.com
www.manulifewealth.net
www.patrimoine-manuvie.ca
www.patrimoine-manuvie.com
www.patrimoine-manuvie.net
www.patrimoinemanuvie.ca
www.patrimoinemanuvie.net

Other certificates including the domain name manulife.com

(limited to 100 certificates)
mlisxivg01.manulife.com
manulife.com
nasbfepool02.mfcgd.com
mfcentral.manulife.com
api1.np.ca.manulife.com
idwicrmapd01.mlijkt01.manulife.com
manulife.com
manulife.com
aidp.manulife.com
azalvedlwrkdp10.p01eaedl.manulife.com
manulife.com
client.manulifebank.com
rps.jhancock.com
manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
hermes.manulife.com
manulife.com
clbs37841.manulife.com
internal.mesh.test.api.manulife.com
azcedlwrks003.s01caedl.manulife.com
manulife.com
cdcwvjhpwast21.americas.manulife.net
daily.manulife.com.vn
click.e.manulife.com
sft.institutional.manulife.com
johnhancock.com
manulife.com
sts.manulife.com
manulife.com
azslvedlmgtdd01.d01saedl.manulife.com
idwicrmapt21.mlijkt01.manulife.com
idwcasp.ap.manulife.com
mfcentral.manulife.com
manulife.com
view-e-ds.manulife.com
idwelems01.mlijkt01.manulife.com
druglookup-client.manulife.com
mfcentral.manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
www-aem-prod.manulife.ca
insttrip.manulife.com
manulife.com
dbpartners.manulife.com
idwinetapt01.mlijkt01.manulife.com
asiacitrix.manulife.com
arrowonramp.manulife.com
manulife.com
qitsso-uat.manulife.com
manulife.com
sf.cac.internal.mesh.dev.api.manulife.com
manulife.com
giam-qa.manulife.com
manulife.com
cconprem.manulife.com
manulife.com
manulife.com
manulife.com
idp.grsportal.ca.manulife.com
manulife.com
insanalyticsdev01.manulife.com
awsuat.manulife.com.kh
idwiqmtapp01.mlijkt01.manulife.com
johnhancock.com
manulife.com
manulife.com
myasoaibp2.ap.manulife.com
remotejp2.manulife.com
johnhancock.com
sharepoint-int.ap.manulife.com
mlifs900g01.manulife.com
nasbaccess01.manulife.com
jhappsstaging-tst.aks.manulife.com
manulife.com
manulife.com
crverifyidentity-dev.johnhancock.com
manulife.com
jpnhoapt09.japan.corp.manulife.com
client.manulifebank.com
preprod.mtls.api.manulife.com
manulife.com
idwietsisft05.mlijkt01.manulife.com
remotehk.manulife.com
azcedledges001.s01caedl.manulife.com
idwcas4tap.ap.manulife.com
manulife.com
mlixnbarplzvnaca.manulife.com
manulife.com
manulife.com
druglookup-client.manulife.com
pcf.manulife.com
proxy.auw.my.underwriting.manulife.com
manulife.com
johnhancock.com
manulife.com
financeit.devsit202201.manulife.com
tw-ssg-fw1.manulife.com
advisor.manulife.ca
azwapnwasm01.mfcgd.com
azuedldbo01.p01usedl.manulife.com
edge.prod-ext.api.manulife.com

Certificate

The complete raw certificate details for manulife.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIINLjCCDBagAwIBAgIRAOOwPL4tji+WP8FBuqwl8jswDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE
AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yNDA2MjAwMDAwMDBaFw0yNTA2MjAyMzU5NTlaMF8xCzAJBgNV
BAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMScwJQYDVQQKEx5NYW51bGlmZSBGaW5h
bmNpYWwgQ29ycG9yYXRpb24xFTATBgNVBAMTDG1hbnVsaWZlLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALZS16dtG0c5QrlZuk3Jut+34FWFAZsR
ftzpMsZWR5DHLlbN/0IpgHgK6qrNWe2jV1+xIL66dXWt5j2wjVShOi2CRaOD0+B5
9VFarMu0uRD2DineBR+hSEgf0hzWQwIdbHyNn6v26al/atrqVLVGzljrfhsNb3eO
j5NDtdjiNS1ypR7sG1i3+MTme7+vkLPy99VzLQSk2aFEivBLAmNBvViKcX0oQh6/
hoFjmVGQhS1v3p+u+1ykQi595h84nvapvgRstc8qlcvRZ897/Q/rNaRoWBRlppXk
wABJ2qdVligga/XUaW7faSdGsylVNPQJfDZ9nUE1aba0pOXv2i5tJQMCAwEAAaOC
CawwggmoMB8GA1UdIwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1UdDgQW
BBR1sryVEttu1f1gISrmHcltE6D/YjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMwQTA1
BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNv
bS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2Vj
dGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVT
ZXJ2ZXJDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDov
L2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlv
blNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2Vj
dGlnby5jb20wggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AM8RVu7VLnyv84db
2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABkDXuqY8AAAQDAEcwRQIhAJv3q8Jagqki
z1ZOz/VCQI6CJx/AmlWTPNyWq8avCTFmAiBJQkOGo/MOld+vfE/t2wg8H4T1IR5F
SYea2T8QvkiWMAB2AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAAB
kDXuqW8AAAQDAEcwRQIgI+YXYsQfW9ig2F/kZZV0uWJXCIcTNe1Rzugq+lvpfjQC
IQCTHVylXYJdyHfswHhChACUBOytLxRaArgo5bqakGBFvQB3AE51oydcmhDDOFts
1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABkDXuqW8AAAQDAEgwRgIhANWcta7VkWS4
OUfnLrPR1Y8JaFZYyF6zu0efk/xTMDvWAiEAjn0V3FLoqFnM4FXwQqAhfsYDqD1f
En83v0Iw6OtkPIwwggZvBgNVHREEggZmMIIGYoIMbWFudWxpZmUuY29tghNhcGku
Z2IubWFudWxpZmUuY29tghVhc2FtcHVhdC5tYW51bGlmZS5jb22CGmF1dGhvci1k
ZXYtYXAubWFudWxpZmUuY29tgh5hdXRob3ItcHJlcHJvZC1hcC5tYW51bGlmZS5j
b22CGmF1dGhvci1zaXQtYXAubWFudWxpZmUuY29tghphdXRob3Itc3RnLWFwLm1h
bnVsaWZlLmNvbYIbZHBjb24ubWFudWxpZmVzZWN1cml0aWVzLmNhghpkcHJjLm1h
bnVsaWZlc2VjdXJpdGllcy5jYYIZZmFzYXRleHRlcm5hbC5tYW51bGlmZS5jYYIX
aW52aXRlLm1hbnVsaWZlZ2hudy5jb22CKWpoYXBpbS1ub25wcm9kLmRldi5kZXZl
bG9wZXIubWFudWxpZmUuY29tgipqaGFwaW0tbm9ucHJvZC5kZXYubWFuYWdlbWVu
dC5tYW51bGlmZS5jb22CJmpoYXBpbS1ub25wcm9kLmRldi5wb3J0YWwubWFudWxp
ZmUuY29tgiNqaGFwaW0tbm9ucHJvZC5kZXYuc2NtLm1hbnVsaWZlLmNvbYIhamhh
cGltLmRldi5kZXZlbG9wZXIubWFudWxpZmUuY29tgiJqaGFwaW0uZGV2Lm1hbmFn
ZW1lbnQubWFudWxpZmUuY29tgh5qaGFwaW0uZGV2LnBvcnRhbC5tYW51bGlmZS5j
b22CG2poYXBpbS5kZXYuc2NtLm1hbnVsaWZlLmNvbYISbWFudWxpZmUtd2VhbHRo
LmNhghNtYW51bGlmZS13ZWFsdGguY29tghNtYW51bGlmZS13ZWFsdGgubmV0ghlt
YW51bGlmZXByaXZhdGV3ZWFsdGguY29tghJtYW51bGlmZXByb21vcy5jb22CEW1h
bnVsaWZld2VhbHRoLmNhghJtYW51bGlmZXdlYWx0aC5jb22CEm1hbnVsaWZld2Vh
bHRoLm5ldIIhbW9ybmluZ3N0YXItYXBpLmpoaW52ZXN0bWVudHMuY29tgiRtb3Ju
aW5nc3Rhci11cy1hcGkuamhpbnZlc3RtZW50cy5jb22CFXBhdHJpbW9pbmUtbWFu
dXZpZS5jYYIWcGF0cmltb2luZS1tYW51dmllLmNvbYIWcGF0cmltb2luZS1tYW51
dmllLm5ldIIUcGF0cmltb2luZW1hbnV2aWUuY2GCFXBhdHJpbW9pbmVtYW51dmll
Lm5ldIIacG9ydGFsLXVhdC5tYW51bGlmZS5jb20udm6CFnBvcnRhbC5tYW51bGlm
ZS5jb20udm6CHXN0YWdlLmludml0ZS5tYW51bGlmZWdobncuY29tghVzdGcubWFu
dWxpZmV3ZWFsdGguY2GCHHRlc3QuaW52aXRlLm1hbnVsaWZlZ2hudy5jb22CG3Rv
a2VuaXplLWRzLXQxLm1hbnVsaWZlLmNvbYIYdG9rZW5pemUtZHMubWFudWxpZmUu
Y29tghV1YXQubWFudWxpZmV0cmF2ZWwuY2GCE3dzYXV0aC5tYW51bGlmZS5jb22C
FndzYXV0aGRldi5tYW51bGlmZS5jb22CHHd3dy1hZW0tcHJvZC5pZ3AubWFudWxp
ZmUuY2GCHXd3dy1hZW0tc3RhZ2UuaWdwLm1hbnVsaWZlLmNhgih3d3ctYWVtLXN0
YWdlLm1hbnVsaWZldHJhdmVsLm1hbnVsaWZlLmNhghZ3d3cubWFudWxpZmUtd2Vh
bHRoLmNhghd3d3cubWFudWxpZmUtd2VhbHRoLmNvbYIXd3d3Lm1hbnVsaWZlLXdl
YWx0aC5uZXSCHXd3dy5tYW51bGlmZXByaXZhdGV3ZWFsdGguY29tghZ3d3cubWFu
dWxpZmVwcm9tb3MuY29tghV3d3cubWFudWxpZmV3ZWFsdGguY2GCFnd3dy5tYW51
bGlmZXdlYWx0aC5jb22CFnd3dy5tYW51bGlmZXdlYWx0aC5uZXSCGXd3dy5wYXRy
aW1vaW5lLW1hbnV2aWUuY2GCGnd3dy5wYXRyaW1vaW5lLW1hbnV2aWUuY29tghp3
d3cucGF0cmltb2luZS1tYW51dmllLm5ldIIYd3d3LnBhdHJpbW9pbmVtYW51dmll
LmNhghl3d3cucGF0cmltb2luZW1hbnV2aWUubmV0MA0GCSqGSIb3DQEBCwUAA4IB
AQB0o2mLMVsJT+dXyua7YbzQO9p2PBRv2uwHv26lyDqIpKAnuqAQMAwYkfUSF9St
IrhvQurl7HYIVcgzYCnOv1IklSUgJkzK4sJG9GIbI05dL5BMbr73GF8Oxtu8ETPy
zPD5okcyabdsLjyEwJY+lIEbYTOgiH/o67ZfFNr/E+A+yO3xsBjeDn0prztyO1Ha
kg6P/90Y/UCIUJjj10yRnnrh3TUFOpkPIPHcaHha7mxWDnTj1mggfFUTyI6smTPR
0dfKJ7qQsAIm44ThGcOxAp85G18FiLlsL5KZSqsBSKpAn+Zj8sbpP/oVo31mISHH
4am15oNaGziiLftf5AV9iKTg
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlLXp20bRzlCuVm6Tcm6
37fgVYUBmxF+3OkyxlZHkMcuVs3/QimAeArqqs1Z7aNXX7Egvrp1da3mPbCNVKE6
LYJFo4PT4Hn1UVqsy7S5EPYOKd4FH6FISB/SHNZDAh1sfI2fq/bpqX9q2upUtUbO
WOt+Gw1vd46Pk0O12OI1LXKlHuwbWLf4xOZ7v6+Qs/L31XMtBKTZoUSK8EsCY0G9
WIpxfShCHr+GgWOZUZCFLW/en677XKRCLn3mHzie9qm+BGy1zyqVy9Fnz3v9D+s1
pGhYFGWmleTAAEnap1WWKCBr9dRpbt9pJ0azKVU09Al8Nn2dQTVptrSk5e/aLm0l
AwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 302649831302303847253411286376092398139
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'manulife.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23016222613050426089481627029674141841311423799769900738855263192325363095704795378315927687651855895640583041833287833272483632595451676838747155029241583611611169908048190880345078504754242239608928268858610554442430741617661389324375144827057480562401909794841483025449040478337664502436497256770837627571034423299341634957107140319837100765908873809875500835514937693091578572697854217273016755643557903139152551715913381916101901768909543170779031641605031621196627750016131680658079452545850377948707463238912919375711565173636999090280319745816325903825038239626496273768715704220199808906178013428122517316867
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							75b2bc9512db6ed5fd60212ae61dc96d13a0ff62
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000019035eea98f00000403004730450221009bf7abc25a82a922cf564ecff542408e82271fc09a55933cdc96abc6af093166022049424386a3f30e95dfaf7c4feddb083c1f84f5211e4549879ad93f10be489630007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000019035eea96f0000040300473045022023e61762c41f5bd8a0d85fe4659574b9625708871335ed51cee82afa5be97e34022100931d5ca55d825dc877ecc0784284009404ecad2f145a02b828e5ba9a906045bd0077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000019035eea96f0000040300483046022100d59cb5aed59164b83947e72eb3d1d58f09685658c85eb3bb479f93fc53303bd60221008e7d15dc52e8a859cce055f042a0217ec603a83d5f127f37bf4230e8eb643c8c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1638 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.gb.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'asampuat.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-dev-ap.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-preprod-ap.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-sit-ap.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-stg-ap.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpcon.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dprc.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fasatexternal.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'invite.manulifeghnw.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim-nonprod.dev.developer.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim-nonprod.dev.management.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim-nonprod.dev.portal.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim-nonprod.dev.scm.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim.dev.developer.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim.dev.management.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim.dev.portal.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim.dev.scm.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife-wealth.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife-wealth.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife-wealth.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifeprivatewealth.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifepromos.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifewealth.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifewealth.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifewealth.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'morningstar-api.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'morningstar-us-api.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'patrimoine-manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'patrimoine-manuvie.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'patrimoine-manuvie.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'patrimoinemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'patrimoinemanuvie.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'portal-uat.manulife.com.vn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'portal.manulife.com.vn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.invite.manulifeghnw.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.manulifewealth.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.invite.manulifeghnw.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tokenize-ds-t1.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tokenize-ds.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.manulifetravel.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wsauth.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wsauthdev.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-prod.igp.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.igp.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.manulifetravel.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulife-wealth.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulife-wealth.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulife-wealth.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifeprivatewealth.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifepromos.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifewealth.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifewealth.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifewealth.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.patrimoine-manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.patrimoine-manuvie.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.patrimoine-manuvie.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.patrimoinemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.patrimoinemanuvie.net'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0074a3698b315b094fe757cae6bb61bcd03bda763c146fdaec07bf6ea5c83a88a4a027baa010300c1891f51217d4ad22b86f42eae5ec760855c8336029cebf5224952520264ccae2c246f4621b234e5d2f904c6ebef7185f0ec6dbbc1133f2ccf0f9a2473269b76c2e3c84c0963e94811b6133a0887fe8ebb65f14daff13e03ec8edf1b018de0e7d29af3b723b51da920e8fffdd18fd40885098e3d74c919e7ae1dd35053a990f20f1dc68785aee6c560e74e3d668207c5513c88eac9933d1d1d7ca27ba90b00226e384e119c3b1029f391b5f0588b96c2f92994aab0148aa409fe663f2c6e93ffa15a37d662121c7e1a9b5e6835a1b38a22dfb5fe4057d88a4e0