nonprodprod.apim.manulife.io

- Manulife Financial Corporation -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number cc:4d:1f:5b:64:4b:bb:26:8b:55:98:c5:8f:70:74:29 was issued on by Sectigo Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Manulife Financial Corporation

Organization: Manulife Financial Corporation
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): cc:4d:1f:5b:64:4b:bb:26:8b:55:98:c5:8f:70:74:29
Serial Number (int): 271562953993730576011765626295603459113
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 7c:15:09:4c:09:94:d9:2f:58:33:94:0b:b9:13:bf:7d:f3:b2:2f:de
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 3e:56:b8:cf:04:5e:a6:c3:bf:d8:e7:59:ea:53:20:a4:fd:4b:f3:7c
Fingerprint (sha256): 0e:93:d8:80:f1:d4:97:a3:6d:de:7c:a6:2b:65:b9:1d:5f:b9:21:d0:33:0b:71:6a:75:dc:24:99:1b:d1:ac:a5

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate nonprodprod.apim.manulife.io

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for nonprodprod.apim.manulife.io

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

nonprodprod.apim.manulife.io
*.nonprodprod.apim.manulife.io

Other certificates including the domain name manulife.io

(limited to 100 certificates)
manulife.com
manulife.com
5659569942429696-fe3.pantheonsite.io
node3.c360-prod-dr-nifi.cde.manulife.io
manulife.com
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
noc.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
www.jhinvestments.com
5662800294707200-fe2.pantheonsite.io
bs03.mms.use.sandbox.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
credhub.ops.concourse.platform.manulife.io
sbx.github.platform.manulife.io
manulife.com
chefserversandbox.platform.manulife.io
manulife.com
ldap.test.eas.identity.platform.manulife.io
www.jhinvestments.com
consul.nonprod.cac.platform.manulife.io
api.gb.apim.manulife.io
appdb23.cae.platform.manulife.io
vault.prod.cae.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
manulife.io
5659569942429696-fe3.pantheonsite.io
bs02.mms.use.sandbox.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5662800294707200-fe2.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5662800294707200-fe2.pantheonsite.io
vault.sandbox.cae.platform.manulife.io
node1.c360-prod-nifi.cde.manulife.io
uaa.cae.ops.concourse.platform.manulife.io
appdb31.cac.preview.platform.manulife.io
sbx.github.platform.manulife.io
www.jhinvestments.com
5659569942429696-fe3.pantheonsite.io
ldap.ca.identity.platform.manulife.io
manulife.com
manulife.com
uls.preview.manulife.com
appdb21.cae.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
vault.sandbox.usc.platform.manulife.io
appdb12.eas.platform.manulife.io
sfplatform.dev.nifi.manulife.io
manulife.com
5659569942429696-fe3.pantheonsite.io
node2.c360-uat-nifi.cde.manulife.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
manulife.com
nonprodprod.apim.manulife.io
manulife.com
5659569942429696-fe3.pantheonsite.io
manulife.com
5659569942429696-fe3.pantheonsite.io
node1.c360-qat-nifi.cde.manulife.io
dashboard.platform.manulife.io
uls.manulife.com
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
terraform.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
manulife.com
5662800294707200-fe2.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
manulife.com
manulife.com
manulife.com
stoplight.gwam.manulife.io
uls.eas.preview.manulife.io
bs01.mms.use.sandbox.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
vault.sandbox.cac.platform.manulife.io
www.jhinvestments.com
node1.c360-prod-dr-nifi.cde.manulife.io
bs32.cac.preview.platform.manulife.io
nonprod.appgw.manulife.io
5659569942429696-fe3.pantheonsite.io
vault.nonprod.sea.platform.manulife.io
manulife.com
cdncetdvcacicfrtr.manulife.io
vault.sandbox.cac.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5662800294707200-fe2.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
consul.nonprod.sea.platform.manulife.io
api.gb.appgw.manulife.io
5659569942429696-fe3.pantheonsite.io

Certificate

The complete raw certificate details for nonprodprod.apim.manulife.io in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHFjCCBf6gAwIBAgIRAMxNH1tkS7smi1WYxY9wdCkwDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE
AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yMzExMjgwMDAwMDBaFw0yNDExMjcyMzU5NTlaMG8xCzAJBgNV
BAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMScwJQYDVQQKEx5NYW51bGlmZSBGaW5h
bmNpYWwgQ29ycG9yYXRpb24xJTAjBgNVBAMTHG5vbnByb2Rwcm9kLmFwaW0ubWFu
dWxpZmUuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCCRKDJIxe
MIkmhXr5przNjGrpd0i6q4KoXORsZKCx+32VIK7I5cvCunmNDOI6+4+wuBtRA8fs
ytAAkmfWHK0OiYexbGcd1WUjMNZN1luanX4bUYqxF5Bm8Fc9s4hDs6EavNw4Fr0l
1gXJN4HT9o0fzqPosQKRzDNPwHKgOByL9qEwC7Ih6I3eXAAa+4I1iYH1CPEibZhy
6i+Pv+lXgDa9Yln3njfjR80m7TbAzT2+zIyTg3ys/7h0FZkhfrGXAFu4t08JWHt6
rq2x6dF1aAbhQPfrCDy/vyKC98JuyVOL/nBOnFlLV3ssEtOKs+wtO9yRqopMwtM2
7+GWkNLe9hzXAgMBAAGjggOEMIIDgDAfBgNVHSMEGDAWgBQX2dYlJ2f5McJJQ9kw
NkSMbKlP6zAdBgNVHQ4EFgQUfBUJTAmU2S9YM5QLuRO/ffOyL94wDgYDVR0PAQH/
BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMEMCUwIwYIKwYBBQUHAgEWF2h0
dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBRME+gTaBL
hklodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25W
YWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGKBggrBgEFBQcBAQR+MHwwVQYI
KwYBBQUHMAKGSWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2Fu
aXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUHMAGG
F2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBgQYKKwYBBAHWeQIEAgSCAXEEggFt
AWsAdwB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYwXv9EJAAAE
AwBIMEYCIQDAYIRJVSGSYkEIL2Gss8sbbmHJH9RH/hLBXdoCQMqyHgIhAP1gJ11y
Gl68LNc2zmRuZoZTp++ZP+CnNi2q9HfNdrmpAHcAPxdLT9ciR1iUHWUchL4NEu2Q
N38fhWrrwb8ohez4ZG4AAAGMF7/R3AAABAMASDBGAiEA+xEd7BsKEsh1wCZJJaUF
kXbCXvwFuqbOi+t+o917uHMCIQDhK3564AFIP+n1D2+ApbSmQ/XMCXarQUZ9iKPP
t5o11AB3AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABjBe/0TUA
AAQDAEgwRgIhAI36LaMsHgMIdrQ6no7o5FXUvxQniC3+U5LsLTlewCK7AiEAudUR
itTJ+CulOMw2l+3QPT8DqPl7QR2NV0xLleLAhOAwRwYDVR0RBEAwPoIcbm9ucHJv
ZHByb2QuYXBpbS5tYW51bGlmZS5pb4IeKi5ub25wcm9kcHJvZC5hcGltLm1hbnVs
aWZlLmlvMA0GCSqGSIb3DQEBCwUAA4IBAQCcdZePir3uUHI69nqrb665vnbLu6QE
wIEGJdSFDXh4q8l2XRg1kLTsbzq0D0QtqJAI5JYHoyINFuOU2CeVoitYifpfZ5Ls
R8ucwU1rSYOtZNx+OD78DG7XWVh2zb+0ZA7EHc6bRF51UVffAbXan83mWQAmqERi
OU3/WP+aZTMhJJtWeKfsNpr89t18eg+2qRjcjqL0LWNSr67s9+uinhDGRZskhwcG
1pW1Avy2hIziwbEpCMeZNQX9/RX/cN+rhyI5VDyGegfI6ElyIhr7cJvsPnwYLbiH
Bxk9FfuMZ92YXG9eVXZl12UT2FK7ejfFAzAe3mfhexalGHwX2MRbbfze
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgkSgySMXjCJJoV6+aa8
zYxq6XdIuquCqFzkbGSgsft9lSCuyOXLwrp5jQziOvuPsLgbUQPH7MrQAJJn1hyt
DomHsWxnHdVlIzDWTdZbmp1+G1GKsReQZvBXPbOIQ7OhGrzcOBa9JdYFyTeB0/aN
H86j6LECkcwzT8ByoDgci/ahMAuyIeiN3lwAGvuCNYmB9QjxIm2Ycuovj7/pV4A2
vWJZ954340fNJu02wM09vsyMk4N8rP+4dBWZIX6xlwBbuLdPCVh7eq6tsenRdWgG
4UD36wg8v78igvfCbslTi/5wTpxZS1d7LBLTirPsLTvckaqKTMLTNu/hlpDS3vYc
1wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 271562953993730576011765626295603459113
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-28 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-11-27 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nonprodprod.apim.manulife.io'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24494704887979578079355592932465244609823929563764080336482454713501302524981088802817294550477582966804805952558604747974134504664427358287589211951402645036521350638922651208137807026963133943764312851038279976116438440852011353157476331176188177424898046437565817821627875107548361190848229145079178756471041152533667683071903398881892276547833703864075606874583580710109319899038024788549483099562980892228817092830535420632148279806484295569286686619863563455085139223049087220797896732966168883216855493437810708428100905210052935295082947007784539645860388541288446503391289614769901489937547462723133668465879
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							7c15094c0994d92f5833940bb913bf7df3b22fde
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (369 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
							016b00770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018c17bfd1090000040300483046022100c06084495521926241082f61acb3cb1b6e61c91fd447fe12c15dda0240cab21e022100fd60275d721a5ebc2cd736ce646e668653a7ef993fe0a7362daaf477cd76b9a90077003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018c17bfd1dc0000040300483046022100fb111dec1b0a12c875c0264925a5059176c25efc05baa6ce8beb7ea3dd7bb873022100e12b7e7ae001483fe9f50f6f80a5b4a643f5cc0976ab41467d88a3cfb79a35d4007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018c17bfd13500000403004830460221008dfa2da32c1e030876b43a9e8ee8e455d4bf1427882dfe5392ec2d395ec022bb022100b9d5118ad4c9f82ba538cc3697edd03d3f03a8f97b411d8d574c4b95e2c084e0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (64 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nonprodprod.apim.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.nonprodprod.apim.manulife.io'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009c75978f8abdee50723af67aab6faeb9be76cbbba404c0810625d4850d7878abc9765d183590b4ec6f3ab40f442da89008e49607a3220d16e394d82795a22b5889fa5f6792ec47cb9cc14d6b4983ad64dc7e383efc0c6ed7595876cdbfb4640ec41dce9b445e755157df01b5da9fcde6590026a84462394dff58ff9a653321249b5678a7ec369afcf6dd7c7a0fb6a918dc8ea2f42d6352afaeecf7eba29e10c6459b24870706d695b502fcb6848ce2c1b12908c7993505fdfd15ff70dfab872239543c867a07c8e84972221afb709bec3e7c182db88707193d15fb8c67dd985c6f5e557665d76513d852bb7a37c503301ede67e17b16a5187c17d8c45b6dfcde