www-aem-stage.manulife.ca

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 59:30:d9:b9:81:0d:b3:9d:f4:4d:03:a8:7f:cf:7d:62 was issued on by Sectigo Limited.

With 35 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
Organization unit: Canadian Division
Address: 500 King Street North
Postal code: N2J 4C6
State / Province: Ontario
Locality: Waterloo
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 59:30:d9:b9:81:0d:b3:9d:f4:4d:03:a8:7f:cf:7d:62
Serial Number (int): 118554937854101372485944231372268731746
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: b3:9b:20:34:11:3d:5e:0d:b5:9a:02:db:2c:c1:c1:8b:13:7f:7a:6b
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 78:b3:44:72:11:7f:8e:eb:59:f4:27:40:46:e7:6e:12:7a:32:0f:a8
Fingerprint (sha256): 12:dc:02:f1:93:fc:29:86:a3:4d:38:d8:92:d2:8f:d6:3e:33:fd:89:ba:9d:9a:53:8d:09:19:26:14:2d:b6:20

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate www-aem-stage.manulife.ca

35

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www-aem-stage.manulife.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www-aem-stage.manulife.ca
author-aem-stage.manulife.ca
www-aem-stage.assurance-manuvie.ca
www-aem-stage.bank.manulife.ca
www-aem-stage.bank.manuvie.ca
www-aem-stage.cmtcp.manulife.ca
www-aem-stage.cmtcp.manuvie.ca
www-aem-stage.coverme.manulife.ca
www-aem-stage.coverme.manuvie.ca
www-aem-stage.cpao.manulife.ca
www-aem-stage.cpao.manuvie.ca
www-aem-stage.developer.manulife.ca
www-aem-stage.developer.manuvie.ca
www-aem-stage.groupbenefits.manulife.ca
www-aem-stage.headless.manulife.ca
www-aem-stage.info.manulife.ca
www-aem-stage.info.manuvie.ca
www-aem-stage.legacy.manulife.ca
www-aem-stage.legacy.manuvie.ca
www-aem-stage.manulife-group-plans.ca
www-aem-stage.manulife-insurance.ca
www-aem-stage.manulife-securities.manulife.ca
www-aem-stage.manulife-securities.manuvie.ca
www-aem-stage.manuvie.ca
www-aem-stage.mpw.manulife.ca
www-aem-stage.mpw.manuvie.ca
www-aem-stage.offers.bank.manulife.ca
www-aem-stage.offres.bank.manuvie.ca
www-aem-stage.regimes-collectifs-manuvie.ca
www-aem-stage.rr.manulife.ca
www-aem-stage.rr.manuvie.ca
www-aem-stage.travel.manulife.ca
www-aem-stage.travel.manuvie.ca
www-aem-stage.travelb2b.manulife.ca
www-aem-stage.travelb2b.manuvie.ca

Other certificates including the domain name manulife.ca

(limited to 100 certificates)
manulife.com
www-aem-qa2.manulife.ca
client.manulifebank.com
manulife.com
manulife.com
content-txn-uat.manulife.ca
www-aem-dev1.manulife.ca
www-aem-dev2.manulife.ca
www-aem-qa.manulife.ca
www-aem-prod.manulife.ca
manulife.com
manulife.com
uat.manulifesecurities.manulife.ca
manulife.com
manulife.com
origin-api.manulifesecurities.manulife.ca
devintegrator.gbi.manulife.ca
manulife.com
manulife.com
manulife.com
cdn.dev.manulife.ca
www-aem-dev1.manulife.ca
manulife.com
mfti-app.np.aks.manulife.ca
preprod.mtls.api.manulife.com
preview.id.manulife.ca
jira-t1.manulife.ca
manulife.com
manulife.com
dev.portal.manulife.ca
advisor.manulife.ca
qa.manulifesecurities.manulife.ca
edge.prod-ext.api.manulife.com
www-aem-prod.manulife.ca
www-aem-dev2.manulife.ca
manulife.com
uat.statements.manulifebank.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
artifactory-test.manulife.ca
manulife.com
hf.integrator.gbi.manulife.ca
manulife.com
content-txn-dev.manulife.ca
retirement.manulife.ca
saml-advisors.preview.manulife.ca
interac-uat.manulifebank.ca
manulife.com
content-txn-prd.manulife.ca
manulife.com
manulife.com
integrator.gbi.manulife.ca
manulife.com
sf-service-medallia-dev.manulife.ca
manulife.com
manulife.com
www-aem-dev.manulife.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
nonprod.vitalityservice.manulife.ca
tripx-graphql.dev.aks.manulife.ca
manulife.com
snowbound-viewer-prd.manulife.ca
manulife.com
dev.policyservice.manulife.ca
manulife.com
www-aem-qa.manulife.ca
content-txn-dev.manulife.ca
edge.prod-ext.api.manulife.com
hf.gbi.manulife.ca
interac-uat.manulifebank.ca
manulife.com
manulife.com
www-aem-stage.manulife.ca
manulife.com
manulife.com
manulife.com
mail-ds.manulife.ca
manulife.com
dev.jmeter.aks.manulife.ca
www.insurance.manulife.ca
manulife.com
manulife.com
manulife.com
manulife.com
manulife.com
stage.manulifesecurities.manulife.ca
www-aem-dev.manulife.ca
manulife.com
portal.manulife.ca
manulife.com
manulife.com
uat.advisor.manulife.ca

Certificate

The complete raw certificate details for www-aem-stage.manulife.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKejCCCWKgAwIBAgIQWTDZuYENs530TQOof899YjANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTIwMDYwNTAwMDAwMFoXDTIyMDYwNTIzNTk1OVowgcExCzAJBgNV
BAYTAkNBMRAwDgYDVQQREwdOMkogNEM2MRAwDgYDVQQIEwdPbnRhcmlvMREwDwYD
VQQHEwhXYXRlcmxvbzEeMBwGA1UECRMVNTAwIEtpbmcgU3RyZWV0IE5vcnRoMRsw
GQYDVQQKExJNYW51bGlmZSBGaW5hbmNpYWwxGjAYBgNVBAsTEUNhbmFkaWFuIERp
dmlzaW9uMSIwIAYDVQQDExl3d3ctYWVtLXN0YWdlLm1hbnVsaWZlLmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2nvG10sOqB4E6UF7RJZa0nIoKFiz
nLjRGEQualJugMX90w1J98uyqhvcsnuzsV5d12y2iD4YK6aVUxl/Gm0wi8UgnXhh
UVdce6qaJx4r33JuRy1gA5FWsFFdogHiKXqxGUv8BPfqDRRkLuq9B9ZNhaZqTYrw
Zvfblb5ziO3LzypHR9OXeJ7L/6GWeoHSxlOvjAcSdwYcdqeUYpzIpNDPc1Fpu1vb
DzXS/8c6Dmqy9QZ43x6goO9Uc9crAfqmCsLVXBOCNLyXXr3eZ5Usr4P7Xr2Ua1l/
j/QK52UhencLtmbcLjR/eQXxyb49CU4Vw65h89HHUndmg+PIjLNGdDw66wIDAQAB
o4IGljCCBpIwHwYDVR0jBBgwFoAUF9nWJSdn+THCSUPZMDZEjGypT+swHQYDVR0O
BBYEFLObIDQRPV4NtZoC2yzBwYsTf3prMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB
MDUGDCsGAQQBsjEBAgEDBDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28u
Y29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5z
ZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3Vy
ZVNlcnZlckNBLmNybDCBigYIKwYBBQUHAQEEfjB8MFUGCCsGAQUFBzAChklodHRw
Oi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxpZGF0
aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5z
ZWN0aWdvLmNvbTATBgorBgEEAdZ5AgQDAQH/BAIFADCCBMcGA1UdEQSCBL4wggS6
ghl3d3ctYWVtLXN0YWdlLm1hbnVsaWZlLmNhghxhdXRob3ItYWVtLXN0YWdlLm1h
bnVsaWZlLmNhgiJ3d3ctYWVtLXN0YWdlLmFzc3VyYW5jZS1tYW51dmllLmNhgh53
d3ctYWVtLXN0YWdlLmJhbmsubWFudWxpZmUuY2GCHXd3dy1hZW0tc3RhZ2UuYmFu
ay5tYW51dmllLmNhgh93d3ctYWVtLXN0YWdlLmNtdGNwLm1hbnVsaWZlLmNhgh53
d3ctYWVtLXN0YWdlLmNtdGNwLm1hbnV2aWUuY2GCIXd3dy1hZW0tc3RhZ2UuY292
ZXJtZS5tYW51bGlmZS5jYYIgd3d3LWFlbS1zdGFnZS5jb3Zlcm1lLm1hbnV2aWUu
Y2GCHnd3dy1hZW0tc3RhZ2UuY3Bhby5tYW51bGlmZS5jYYIdd3d3LWFlbS1zdGFn
ZS5jcGFvLm1hbnV2aWUuY2GCI3d3dy1hZW0tc3RhZ2UuZGV2ZWxvcGVyLm1hbnVs
aWZlLmNhgiJ3d3ctYWVtLXN0YWdlLmRldmVsb3Blci5tYW51dmllLmNhgid3d3ct
YWVtLXN0YWdlLmdyb3VwYmVuZWZpdHMubWFudWxpZmUuY2GCInd3dy1hZW0tc3Rh
Z2UuaGVhZGxlc3MubWFudWxpZmUuY2GCHnd3dy1hZW0tc3RhZ2UuaW5mby5tYW51
bGlmZS5jYYIdd3d3LWFlbS1zdGFnZS5pbmZvLm1hbnV2aWUuY2GCIHd3dy1hZW0t
c3RhZ2UubGVnYWN5Lm1hbnVsaWZlLmNhgh93d3ctYWVtLXN0YWdlLmxlZ2FjeS5t
YW51dmllLmNhgiV3d3ctYWVtLXN0YWdlLm1hbnVsaWZlLWdyb3VwLXBsYW5zLmNh
giN3d3ctYWVtLXN0YWdlLm1hbnVsaWZlLWluc3VyYW5jZS5jYYItd3d3LWFlbS1z
dGFnZS5tYW51bGlmZS1zZWN1cml0aWVzLm1hbnVsaWZlLmNhgix3d3ctYWVtLXN0
YWdlLm1hbnVsaWZlLXNlY3VyaXRpZXMubWFudXZpZS5jYYIYd3d3LWFlbS1zdGFn
ZS5tYW51dmllLmNhgh13d3ctYWVtLXN0YWdlLm1wdy5tYW51bGlmZS5jYYIcd3d3
LWFlbS1zdGFnZS5tcHcubWFudXZpZS5jYYIld3d3LWFlbS1zdGFnZS5vZmZlcnMu
YmFuay5tYW51bGlmZS5jYYIkd3d3LWFlbS1zdGFnZS5vZmZyZXMuYmFuay5tYW51
dmllLmNhgit3d3ctYWVtLXN0YWdlLnJlZ2ltZXMtY29sbGVjdGlmcy1tYW51dmll
LmNhghx3d3ctYWVtLXN0YWdlLnJyLm1hbnVsaWZlLmNhght3d3ctYWVtLXN0YWdl
LnJyLm1hbnV2aWUuY2GCIHd3dy1hZW0tc3RhZ2UudHJhdmVsLm1hbnVsaWZlLmNh
gh93d3ctYWVtLXN0YWdlLnRyYXZlbC5tYW51dmllLmNhgiN3d3ctYWVtLXN0YWdl
LnRyYXZlbGIyYi5tYW51bGlmZS5jYYIid3d3LWFlbS1zdGFnZS50cmF2ZWxiMmIu
bWFudXZpZS5jYTANBgkqhkiG9w0BAQsFAAOCAQEAQIi/+e6UPbfERXdURhZHZuTN
3j8/KqrIpT+d8KWURxefHe1rS/DeNuHztgfRIB2nWJnITADFpun7h/ClUji0JpUk
xQabnScDNYfzwz1LxYy9pncbMUhmbZL17vy0Hsw/QBoEO/zeoytye+bFQTRaB1+g
9q6TFhteLtK33zmpHB0akGCVwIdpZC0aI+9/o4HhICDVtBFDGTuFNkGQO3Efc/C/
RJoQ+UiapFAjW0zFfqM+fTtT+zZHzLDTyqld14z6GblM98fGMLXy92FyojhvNHaC
8wvmsJP8M0FMUIq3Bwb/54xU6Z9/TqZg4fqkdYLuewWxCCseojU0VxGNamAWOg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2nvG10sOqB4E6UF7RJZa
0nIoKFiznLjRGEQualJugMX90w1J98uyqhvcsnuzsV5d12y2iD4YK6aVUxl/Gm0w
i8UgnXhhUVdce6qaJx4r33JuRy1gA5FWsFFdogHiKXqxGUv8BPfqDRRkLuq9B9ZN
haZqTYrwZvfblb5ziO3LzypHR9OXeJ7L/6GWeoHSxlOvjAcSdwYcdqeUYpzIpNDP
c1Fpu1vbDzXS/8c6Dmqy9QZ43x6goO9Uc9crAfqmCsLVXBOCNLyXXr3eZ5Usr4P7
Xr2Ua1l/j/QK52UhencLtmbcLjR/eQXxyb49CU4Vw65h89HHUndmg+PIjLNGdDw6
6wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 118554937854101372485944231372268731746
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-06-05 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'N2J 4C6'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Waterloo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '500 King Street North'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Canadian Division'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www-aem-stage.manulife.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27580987059385821885540301135304648274747907571648106651222713637941439859780009522483068953071812680569445708213443937439679720949575189481682411387850906508101148857419324091555466389265770092914738200801204355520718638091990828632298532598568534019854634103219003606927067425359615958568984490078664595329737336362252007483609215412712524737221850407725538484511031932056471901752700089037788133426464470393269792395318289211184954687030911221673038772591901990687854147974797678150881547161126332534990598777378329240694728634803651293826092824329653970147459925457312793098119564063460151020248760092449750924011
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b39b2034113d5e0db59a02db2cc1c18b137f7a6b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1214 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-aem-stage.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.assurance-manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.bank.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.bank.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.cmtcp.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.cmtcp.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.coverme.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.coverme.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.cpao.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.cpao.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.developer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.developer.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.groupbenefits.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.headless.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.info.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.info.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.legacy.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.legacy.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.manulife-group-plans.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.manulife-insurance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.manulife-securities.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.manulife-securities.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.mpw.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.mpw.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.offers.bank.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.offres.bank.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.regimes-collectifs-manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.rr.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.rr.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.travel.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.travel.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.travelb2b.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-aem-stage.travelb2b.manuvie.ca'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004088bff9ee943db7c445775446164766e4cdde3f3f2aaac8a53f9df0a59447179f1ded6b4bf0de36e1f3b607d1201da75899c84c00c5a6e9fb87f0a55238b4269524c5069b9d27033587f3c33d4bc58cbda6771b3148666d92f5eefcb41ecc3f401a043bfcdea32b727be6c541345a075fa0f6ae93161b5e2ed2b7df39a91c1d1a906095c08769642d1a23ef7fa381e12020d5b41143193b853641903b711f73f0bf449a10f9489aa450235b4cc57ea33e7d3b53fb3647ccb0d3caa95dd78cfa19b94cf7c7c630b5f2f76172a2386f347682f30be6b093fc33414c508ab70706ffe78c54e99f7f4ea660e1faa47582ee7b05b1082b1ea2353457118d6a60163a