tripx-graphql.dev.aks.manulife.ca

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 34:16:20:26:71:b3:82:a0:1e:af:0a:d7:0a:4a:ea:c5 was issued on by Sectigo Limited.

With 17 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
Organization unit: Canadian Segment
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 34:16:20:26:71:b3:82:a0:1e:af:0a:d7:0a:4a:ea:c5
Serial Number (int): 69234738394669704687179867016879860421
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 16:fb:b1:42:8d:d6:6f:48:f0:82:c3:ed:bf:27:5a:5b:ab:c0:04:48
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 21:dd:07:45:ca:55:11:84:8c:14:72:c9:79:87:4d:48:5a:07:d1:80
Fingerprint (sha256): 0e:96:61:6e:8b:d0:a7:40:79:ad:c9:d4:0a:a1:7b:1a:b1:e8:b7:11:d8:b5:2a:33:b2:e6:e4:fd:49:ad:fb:7a

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate tripx-graphql.dev.aks.manulife.ca

17

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for tripx-graphql.dev.aks.manulife.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

tripx-graphql.dev.aks.manulife.ca
tripx-admin.dev.aks.manulife.ca
tripx-auth-api.dev.aks.manulife.ca
tripx-compensation-api.dev.aks.manulife.ca
tripx-config.dev.aks.manulife.ca
tripx-group-policy-api.dev.aks.manulife.ca
tripx-license-api.dev.aks.manulife.ca
tripx-notification-api.dev.aks.manulife.ca
tripx-payment-api.dev.aks.manulife.ca
tripx-policy-api.dev.aks.manulife.ca
tripx-product-api.dev.aks.manulife.ca
tripx-quote-api.dev.aks.manulife.ca
tripx-recommendation-api.dev.aks.manulife.ca
tripx-storybook.dev.aks.manulife.ca
tripx-user-api.dev.aks.manulife.ca
tripx-web-en.dev.aks.manulife.ca
tripx-web-fr.dev.aks.manulife.ca

Other certificates including the domain name manulife.ca

(limited to 100 certificates)
manulife.com
www-aem-qa2.manulife.ca
client.manulifebank.com
manulife.com
manulife.com
content-txn-uat.manulife.ca
www-aem-dev1.manulife.ca
www-aem-dev2.manulife.ca
www-aem-qa.manulife.ca
www-aem-prod.manulife.ca
manulife.com
manulife.com
uat.manulifesecurities.manulife.ca
manulife.com
manulife.com
origin-api.manulifesecurities.manulife.ca
devintegrator.gbi.manulife.ca
manulife.com
manulife.com
manulife.com
cdn.dev.manulife.ca
www-aem-dev1.manulife.ca
manulife.com
mfti-app.np.aks.manulife.ca
preprod.mtls.api.manulife.com
preview.id.manulife.ca
jira-t1.manulife.ca
manulife.com
manulife.com
dev.portal.manulife.ca
advisor.manulife.ca
qa.manulifesecurities.manulife.ca
edge.prod-ext.api.manulife.com
www-aem-prod.manulife.ca
www-aem-dev2.manulife.ca
manulife.com
uat.statements.manulifebank.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
artifactory-test.manulife.ca
manulife.com
hf.integrator.gbi.manulife.ca
manulife.com
content-txn-dev.manulife.ca
manulife.com
retirement.manulife.ca
saml-advisors.preview.manulife.ca
interac-uat.manulifebank.ca
manulife.com
content-txn-prd.manulife.ca
manulife.com
manulife.com
integrator.gbi.manulife.ca
manulife.com
sf-service-medallia-dev.manulife.ca
manulife.com
manulife.com
www-aem-dev.manulife.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
nonprod.vitalityservice.manulife.ca
tripx-graphql.dev.aks.manulife.ca
manulife.com
edge.sandbox-dev.api.manulife.com
snowbound-viewer-prd.manulife.ca
manulife.com
dev.policyservice.manulife.ca
manulife.com
www-aem-qa.manulife.ca
content-txn-dev.manulife.ca
edge.prod-ext.api.manulife.com
hf.gbi.manulife.ca
interac-uat.manulifebank.ca
manulife.com
manulife.com
www-aem-stage.manulife.ca
manulife.com
manulife.com
manulife.com
mail-ds.manulife.ca
manulife.com
dev.jmeter.aks.manulife.ca
www.insurance.manulife.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
stage.manulifesecurities.manulife.ca
www-aem-dev.manulife.ca
manulife.com
portal.manulife.ca

Certificate

The complete raw certificate details for tripx-graphql.dev.aks.manulife.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIICzCCBvOgAwIBAgIQNBYgJnGzgqAerwrXCkrqxTANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTIxMTEzMDAwMDAwMFoXDTIyMTEzMDIzNTk1OVowgYMxCzAJBgNV
BAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMRswGQYDVQQKExJNYW51bGlmZSBGaW5h
bmNpYWwxGTAXBgNVBAsTEENhbmFkaWFuIFNlZ21lbnQxKjAoBgNVBAMTIXRyaXB4
LWdyYXBocWwuZGV2LmFrcy5tYW51bGlmZS5jYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMD4BSMSxbAN0RAdUrGq+UvU5zsoy4UCtMITEOtuj3KAoC0A
MvFpSiYNcLlvHyA/ZlvDz6Iu1kRiMDjPy9sodxv1kHqJyxQDqYhHbdyXaFQSEb0E
qWvWfMEgKu7xejniPwuMQIl+l/fuVAipnLJiic2Y2QuJ/2bhsYiNb7MfeXSDtSYa
rLJMVn+QO3YUUjOluCUOsxbUWEER6t8GaWsdTRG7MkZdZQ96Uj3rHlvlqKlA+aTf
vItlibBaarFqMBH1fFBo0JIs4RULCW2t2xPT8OJaRJ6hbrxIkaPvkrivUbakO1im
laBNDxAXxrLHChxXjq90NHj8HI06v9a164BXVhcCAwEAAaOCBGUwggRhMB8GA1Ud
IwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1UdDgQWBBQW+7FCjdZvSPCC
w+2/J1pbq8AESDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIB
AwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EM
AQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2Vj
dGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmww
gYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdv
LmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZl
ckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wEwYK
KwYBBAHWeQIEAwEB/wQCBQAwggKWBgNVHREEggKNMIICiYIhdHJpcHgtZ3JhcGhx
bC5kZXYuYWtzLm1hbnVsaWZlLmNhgh90cmlweC1hZG1pbi5kZXYuYWtzLm1hbnVs
aWZlLmNhgiJ0cmlweC1hdXRoLWFwaS5kZXYuYWtzLm1hbnVsaWZlLmNhgip0cmlw
eC1jb21wZW5zYXRpb24tYXBpLmRldi5ha3MubWFudWxpZmUuY2GCIHRyaXB4LWNv
bmZpZy5kZXYuYWtzLm1hbnVsaWZlLmNhgip0cmlweC1ncm91cC1wb2xpY3ktYXBp
LmRldi5ha3MubWFudWxpZmUuY2GCJXRyaXB4LWxpY2Vuc2UtYXBpLmRldi5ha3Mu
bWFudWxpZmUuY2GCKnRyaXB4LW5vdGlmaWNhdGlvbi1hcGkuZGV2LmFrcy5tYW51
bGlmZS5jYYIldHJpcHgtcGF5bWVudC1hcGkuZGV2LmFrcy5tYW51bGlmZS5jYYIk
dHJpcHgtcG9saWN5LWFwaS5kZXYuYWtzLm1hbnVsaWZlLmNhgiV0cmlweC1wcm9k
dWN0LWFwaS5kZXYuYWtzLm1hbnVsaWZlLmNhgiN0cmlweC1xdW90ZS1hcGkuZGV2
LmFrcy5tYW51bGlmZS5jYYIsdHJpcHgtcmVjb21tZW5kYXRpb24tYXBpLmRldi5h
a3MubWFudWxpZmUuY2GCI3RyaXB4LXN0b3J5Ym9vay5kZXYuYWtzLm1hbnVsaWZl
LmNhgiJ0cmlweC11c2VyLWFwaS5kZXYuYWtzLm1hbnVsaWZlLmNhgiB0cmlweC13
ZWItZW4uZGV2LmFrcy5tYW51bGlmZS5jYYIgdHJpcHgtd2ViLWZyLmRldi5ha3Mu
bWFudWxpZmUuY2EwDQYJKoZIhvcNAQELBQADggEBAIApwraEvyGtHmAPrYbQHPze
ggLLGzfGnl3DWreU8MWXm6KsMquIfaPHppHQgFvwnn1oM/euqBLKp8B4Sg4Kilro
1vr4dwRYHoGa8F4GJgXJKClDZWxclItl1ro12MtqulVuyRaUZ+ASJ2jvharbDWme
YGhDFRq8XFytLVLZ8snJzf4+hEysW3uPLnuwxRcUpte/jUpzEvRtDP27IVvdv2o5
h2NHmDJz4rCqZxJ/iI8RA501WFPof97QI6GRGg6clRFLDBEKLIwY3dOUNoDET6ne
98hvL585D6QV9ood5csrK7GnYagpfXzTdEXACBEwmfvI0+6cRjKUx+FjJfOif5g=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPgFIxLFsA3REB1Ssar5
S9TnOyjLhQK0whMQ626PcoCgLQAy8WlKJg1wuW8fID9mW8PPoi7WRGIwOM/L2yh3
G/WQeonLFAOpiEdt3JdoVBIRvQSpa9Z8wSAq7vF6OeI/C4xAiX6X9+5UCKmcsmKJ
zZjZC4n/ZuGxiI1vsx95dIO1JhqsskxWf5A7dhRSM6W4JQ6zFtRYQRHq3wZpax1N
EbsyRl1lD3pSPeseW+WoqUD5pN+8i2WJsFpqsWowEfV8UGjQkizhFQsJba3bE9Pw
4lpEnqFuvEiRo++SuK9RtqQ7WKaVoE0PEBfGsscKHFeOr3Q0ePwcjTq/1rXrgFdW
FwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 69234738394669704687179867016879860421
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-11-30 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-11-30 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Canadian Segment'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'tripx-graphql.dev.aks.manulife.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24360057806542842305529877200093641507659202134218696407974976327210641189908059531427188798130029873011598042746887448247284561564769597994157992153844262548767018838084376510522990298410659762153035994274756985902220011584303916776956472688756392461889267933543187072352593375666396153871802006052908247485928432304505865217970961930824253620534579971280023018332787133887410677214126676224785783751587098737702543317110436249493028897007775700262986066618510374291148947697237800284693427380169284848213021470446839903426985648816215558154765752599421592339177061706834866173569074511626443351640741615980642784791
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							16fbb1428dd66f48f082c3edbf275a5babc00448
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (653 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-graphql.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-admin.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-auth-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-compensation-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-config.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-group-policy-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-license-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-notification-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-payment-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-policy-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-product-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-quote-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-recommendation-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-storybook.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-user-api.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-web-en.dev.aks.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripx-web-fr.dev.aks.manulife.ca'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008029c2b684bf21ad1e600fad86d01cfcde8202cb1b37c69e5dc35ab794f0c5979ba2ac32ab887da3c7a691d0805bf09e7d6833f7aea812caa7c0784a0e0a8a5ae8d6faf87704581e819af05e062605c9282943656c5c948b65d6ba35d8cb6aba556ec9169467e0122768ef85aadb0d699e606843151abc5c5cad2d52d9f2c9c9cdfe3e844cac5b7b8f2e7bb0c51714a6d7bf8d4a7312f46d0cfdbb215bddbf6a39876347983273e2b0aa67127f888f11039d355853e87fded023a1911a0e9c95114b0c110a2c8c18ddd3943680c44fa9def7c86f2f9f390fa415f68a1de5cb2b2bb1a761a8297d7cd37445c008113099fbc8d3ee9c463294c7e16325f3a27f98