manulife.com

- Manulife Financial Corporation -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 26:2f:f2:54:00:02:39:ab:7b:3a:d5:98:78:7b:7a:44 was issued on by Sectigo Limited.

With 64 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Manulife Financial Corporation

Organization: Manulife Financial Corporation
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): 26:2f:f2:54:00:02:39:ab:7b:3a:d5:98:78:7b:7a:44
Serial Number (int): 50759616790470365161134188609236859460
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 00:c5:b1:b4:4d:dd:ad:04:a7:f1:db:cc:dd:62:61:09:e7:06:63:cb
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 39:b5:b1:62:58:b2:1e:77:a0:d1:13:5f:80:1b:3c:dc:d2:fe:f4:0c
Fingerprint (sha256): 17:42:e9:5b:ed:f6:c8:1f:c1:05:e5:85:a1:28:80:9a:c7:8e:9d:84:39:79:c0:72:b4:c2:a1:13:d5:2e:51:66

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate manulife.com

64

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for manulife.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

manulife.com
11321.manulife.com
advisorcafe.ca
agent-stg.johnhancockinsurance.com
api.manulife.com
asampuat.manulife.com
cafeconseiller.ca
cdd-prod-bes.manulife.com
cdd-uat-bes.manulife.com
cdncetdvcacicaafnapp.manulife.io
cdncettscacicaafnapp.manulife.io
cdncetuacacicaafnapp.manulife.io
cdncetuacacicfrtr.manulife.io
dev.github.api.manulife.com
epargnemanuvie.ca
feedback.manulife.com
gbpmfmo.manulife.com
gbwsfederationfmo.manulife.com
github.api.manulife.com
groupsavings.manulife.com
invite.manulifeghnw.com
jhapim-nonprod.dev.developer.manulife.com
jhapim-nonprod.dev.management.manulife.com
jhapim-nonprod.dev.portal.manulife.com
jhapim-nonprod.dev.scm.manulife.com
jhapim.dev.developer.manulife.com
jhapim.dev.management.manulife.com
jhapim.dev.portal.manulife.com
jhapim.dev.scm.manulife.com
johnstonfuturestep.manulife.ca
manulifeplan.ca
manulifepromos.com
mfc.manulife.com
plateformederetroaction.manuvie.ca
qat-grsmembers.manulife.com
qat-grsprpp.manulife.com
sales-stg.manulifebermuda.com
sales.manulifebermuda.com
stage.identity.johnhancock.com
stage.invite.manulifeghnw.com
staging.epargnemanuvie.ca
staging.manulifeplan.ca
test.identity.jhancock.com
test.identity.johnhancock.com
test.invite.manulifeghnw.com
test.jhannuities.com
testc.partnerlink.jhancock.com
tokenize-ds-t1.manulife.com
tokenize-ds.manulife.ca
tokenize-ds.manulife.com
uat-grsmembers.manulife.com
uat-grsprpp.manulife.com
victorinsurance.manulifetravelinsurance.ca
wmsrepo1.manulife.com
wmsrepo2.manulife.com
www.advisorcafe.ca
www.cafeconseiller.ca
www.epargnemanuvie.ca
www.feedback.manulife.com
www.manulifeplan.ca
www.manulifepromos.com
www.plateformederetroaction.manuvie.ca
www.staging.epargnemanuvie.ca
www.staging.manulifeplan.ca

Other certificates including the domain name manulife.com

(limited to 100 certificates)
mlisxivg01.manulife.com
manulife.com
nasbfepool02.mfcgd.com
mfcentral.manulife.com
api1.np.ca.manulife.com
idwicrmapd01.mlijkt01.manulife.com
manulife.com
manulife.com
aidp.manulife.com
azalvedlwrkdp10.p01eaedl.manulife.com
manulife.com
client.manulifebank.com
rps.jhancock.com
manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
hermes.manulife.com
manulife.com
clbs37841.manulife.com
internal.mesh.test.api.manulife.com
azcedlwrks003.s01caedl.manulife.com
manulife.com
cdcwvjhpwast21.americas.manulife.net
daily.manulife.com.vn
click.e.manulife.com
sft.institutional.manulife.com
johnhancock.com
manulife.com
sts.manulife.com
manulife.com
azslvedlmgtdd01.d01saedl.manulife.com
idwicrmapt21.mlijkt01.manulife.com
idwcasp.ap.manulife.com
mfcentral.manulife.com
manulife.com
view-e-ds.manulife.com
idwelems01.mlijkt01.manulife.com
druglookup-client.manulife.com
mfcentral.manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
www-aem-prod.manulife.ca
insttrip.manulife.com
manulife.com
dbpartners.manulife.com
idwinetapt01.mlijkt01.manulife.com
asiacitrix.manulife.com
arrowonramp.manulife.com
manulife.com
qitsso-uat.manulife.com
manulife.com
sf.cac.internal.mesh.dev.api.manulife.com
manulife.com
giam-qa.manulife.com
manulife.com
cconprem.manulife.com
manulife.com
manulife.com
manulife.com
idp.grsportal.ca.manulife.com
manulife.com
insanalyticsdev01.manulife.com
awsuat.manulife.com.kh
idwiqmtapp01.mlijkt01.manulife.com
johnhancock.com
manulife.com
manulife.com
myasoaibp2.ap.manulife.com
remotejp2.manulife.com
johnhancock.com
sharepoint-int.ap.manulife.com
mlifs900g01.manulife.com
nasbaccess01.manulife.com
jhappsstaging-tst.aks.manulife.com
manulife.com
manulife.com
crverifyidentity-dev.johnhancock.com
manulife.com
jpnhoapt09.japan.corp.manulife.com
client.manulifebank.com
preprod.mtls.api.manulife.com
manulife.com
idwietsisft05.mlijkt01.manulife.com
remotehk.manulife.com
azcedledges001.s01caedl.manulife.com
idwcas4tap.ap.manulife.com
manulife.com
mlixnbarplzvnaca.manulife.com
manulife.com
manulife.com
druglookup-client.manulife.com
pcf.manulife.com
proxy.auw.my.underwriting.manulife.com
manulife.com
johnhancock.com
manulife.com
financeit.devsit202201.manulife.com
tw-ssg-fw1.manulife.com
advisor.manulife.ca
azwapnwasm01.mfcgd.com
azuedldbo01.p01usedl.manulife.com
edge.prod-ext.api.manulife.com

Certificate

The complete raw certificate details for manulife.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIINxTCCDK2gAwIBAgIQJi/yVAACOat7OtWYeHt6RDANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTIzMTAyNTAwMDAwMFoXDTI0MTAyNDIzNTk1OVowXzELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xJzAlBgNVBAoTHk1hbnVsaWZlIEZpbmFu
Y2lhbCBDb3Jwb3JhdGlvbjEVMBMGA1UEAxMMbWFudWxpZmUuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPDrsbU3igFSRcgnwMWcxWgZ3uBEd+L9
qdheQNIqwNRhrXodpN5eNGHHPx1e3LpyzdNsT74ITIhmoGdQHoLPtfsbMpbbmtNY
uwUX8KPUxb+a2GOMv08wbNdOqL0cWLfP8JmEVpM+KypwTXl2JA+TyI0JUHyzH7q+
DLlv98QSFV0sEockXJ1iOnjmr/482LyASgXCvQKJ8Z5X5vTUBUS50y6O5e9Uw/m+
v/WFbK3V5u9dJAGvK9jL+8HXPlpCe6joR9alhGNqQGKdkR9A3T2kI3IVol4TuvrF
kaXRduhHP1+6z30X0cJKS4MhFxZcmpUaoAviZJj/8D9agf4XVgaI/QIDAQABo4IK
RDCCCkAwHwYDVR0jBBgwFoAUF9nWJSdn+THCSUPZMDZEjGypT+swHQYDVR0OBBYE
FADFsbRN3a0Ep/HbzN1iYQnnBmPLMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBBMDUG
DCsGAQQBsjEBAgEDBDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29t
L0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5zZWN0
aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNl
cnZlckNBLmNybDCBigYIKwYBBQUHAQEEfjB8MFUGCCsGAQUFBzAChklodHRwOi8v
Y3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9u
U2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0
aWdvLmNvbTCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYAdv+IPwq2+5VRwmHM
9Ye6NLSkzbsp3GhCCp/mZ0xaOnQAAAGLaA2e5gAABAMARzBFAiEAvGVCtC2HoV2i
aZZ+NRTOcJkM1g/ASZIJrDQe59pHkJkCIFFevQF99AZizqBxmoSyiM6QxshzM/w3
DiPktBkaRXHVAHYA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGL
aA2fRwAABAMARzBFAiBGi28U+jRgrQzlWVN4gVsdWV4DbTd7n89QgVF4mpgU+QIh
AOv/Tp7HHhMY16FP9tcZCCWTZ6ipEIVicO42pdPK8W1sAHYA7s3QZNXbGs7FXLed
tM0TojKHRny87N7DUUhZRnEftZsAAAGLaA2fFwAABAMARzBFAiAYjnwZEzPUrT/t
j44ahtaG5d5muZPOC4RVkko79KcgywIhAKxBQEcGIK7hXSppllrUW7S/RZYlRK/j
RaWq/Op+x4dxMIIHCAYDVR0RBIIG/zCCBvuCDG1hbnVsaWZlLmNvbYISMTEzMjEu
bWFudWxpZmUuY29tgg5hZHZpc29yY2FmZS5jYYIiYWdlbnQtc3RnLmpvaG5oYW5j
b2NraW5zdXJhbmNlLmNvbYIQYXBpLm1hbnVsaWZlLmNvbYIVYXNhbXB1YXQubWFu
dWxpZmUuY29tghFjYWZlY29uc2VpbGxlci5jYYIZY2RkLXByb2QtYmVzLm1hbnVs
aWZlLmNvbYIYY2RkLXVhdC1iZXMubWFudWxpZmUuY29tgiBjZG5jZXRkdmNhY2lj
YWFmbmFwcC5tYW51bGlmZS5pb4IgY2RuY2V0dHNjYWNpY2FhZm5hcHAubWFudWxp
ZmUuaW+CIGNkbmNldHVhY2FjaWNhYWZuYXBwLm1hbnVsaWZlLmlvgh1jZG5jZXR1
YWNhY2ljZnJ0ci5tYW51bGlmZS5pb4IbZGV2LmdpdGh1Yi5hcGkubWFudWxpZmUu
Y29tghFlcGFyZ25lbWFudXZpZS5jYYIVZmVlZGJhY2subWFudWxpZmUuY29tghRn
YnBtZm1vLm1hbnVsaWZlLmNvbYIeZ2J3c2ZlZGVyYXRpb25mbW8ubWFudWxpZmUu
Y29tghdnaXRodWIuYXBpLm1hbnVsaWZlLmNvbYIZZ3JvdXBzYXZpbmdzLm1hbnVs
aWZlLmNvbYIXaW52aXRlLm1hbnVsaWZlZ2hudy5jb22CKWpoYXBpbS1ub25wcm9k
LmRldi5kZXZlbG9wZXIubWFudWxpZmUuY29tgipqaGFwaW0tbm9ucHJvZC5kZXYu
bWFuYWdlbWVudC5tYW51bGlmZS5jb22CJmpoYXBpbS1ub25wcm9kLmRldi5wb3J0
YWwubWFudWxpZmUuY29tgiNqaGFwaW0tbm9ucHJvZC5kZXYuc2NtLm1hbnVsaWZl
LmNvbYIhamhhcGltLmRldi5kZXZlbG9wZXIubWFudWxpZmUuY29tgiJqaGFwaW0u
ZGV2Lm1hbmFnZW1lbnQubWFudWxpZmUuY29tgh5qaGFwaW0uZGV2LnBvcnRhbC5t
YW51bGlmZS5jb22CG2poYXBpbS5kZXYuc2NtLm1hbnVsaWZlLmNvbYIeam9obnN0
b25mdXR1cmVzdGVwLm1hbnVsaWZlLmNhgg9tYW51bGlmZXBsYW4uY2GCEm1hbnVs
aWZlcHJvbW9zLmNvbYIQbWZjLm1hbnVsaWZlLmNvbYIicGxhdGVmb3JtZWRlcmV0
cm9hY3Rpb24ubWFudXZpZS5jYYIbcWF0LWdyc21lbWJlcnMubWFudWxpZmUuY29t
ghhxYXQtZ3JzcHJwcC5tYW51bGlmZS5jb22CHXNhbGVzLXN0Zy5tYW51bGlmZWJl
cm11ZGEuY29tghlzYWxlcy5tYW51bGlmZWJlcm11ZGEuY29tgh5zdGFnZS5pZGVu
dGl0eS5qb2huaGFuY29jay5jb22CHXN0YWdlLmludml0ZS5tYW51bGlmZWdobncu
Y29tghlzdGFnaW5nLmVwYXJnbmVtYW51dmllLmNhghdzdGFnaW5nLm1hbnVsaWZl
cGxhbi5jYYIadGVzdC5pZGVudGl0eS5qaGFuY29jay5jb22CHXRlc3QuaWRlbnRp
dHkuam9obmhhbmNvY2suY29tghx0ZXN0Lmludml0ZS5tYW51bGlmZWdobncuY29t
ghR0ZXN0LmpoYW5udWl0aWVzLmNvbYIedGVzdGMucGFydG5lcmxpbmsuamhhbmNv
Y2suY29tght0b2tlbml6ZS1kcy10MS5tYW51bGlmZS5jb22CF3Rva2VuaXplLWRz
Lm1hbnVsaWZlLmNhghh0b2tlbml6ZS1kcy5tYW51bGlmZS5jb22CG3VhdC1ncnNt
ZW1iZXJzLm1hbnVsaWZlLmNvbYIYdWF0LWdyc3BycHAubWFudWxpZmUuY29tgip2
aWN0b3JpbnN1cmFuY2UubWFudWxpZmV0cmF2ZWxpbnN1cmFuY2UuY2GCFXdtc3Jl
cG8xLm1hbnVsaWZlLmNvbYIVd21zcmVwbzIubWFudWxpZmUuY29tghJ3d3cuYWR2
aXNvcmNhZmUuY2GCFXd3dy5jYWZlY29uc2VpbGxlci5jYYIVd3d3LmVwYXJnbmVt
YW51dmllLmNhghl3d3cuZmVlZGJhY2subWFudWxpZmUuY29tghN3d3cubWFudWxp
ZmVwbGFuLmNhghZ3d3cubWFudWxpZmVwcm9tb3MuY29tgiZ3d3cucGxhdGVmb3Jt
ZWRlcmV0cm9hY3Rpb24ubWFudXZpZS5jYYIdd3d3LnN0YWdpbmcuZXBhcmduZW1h
bnV2aWUuY2GCG3d3dy5zdGFnaW5nLm1hbnVsaWZlcGxhbi5jYTANBgkqhkiG9w0B
AQsFAAOCAQEAeV0lO8NLN9efT52YVXHEygifcg6AINOmRICPZY/8SYaHJzw6s2BW
S21oljE0+0LjgGblktDYCi70iW8ONJJUHNHtCOHo5YXgtzdvc5ze+r3z7002NolH
gdKp2kGnnhPUJOki5W4zAiDRZL5iIehTHa/VIQYRFxnN56Ommf8MmM9SSJAmZhs6
2hndd8XN8O2+qRQJRwkuwAhvXHHxvCquwmKeRnYg2DyPXWEHryHahoVeCckV18ll
5JDZjBCt7xD6n57tAW3oeUmJBsAzJz7jglRsuEl5IjUIleIBZvUfWXx026aC3hpu
5gttm3TSnpoCqKAqSzPNg0RJdDlZTgIrXw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPDrsbU3igFSRcgnwMWc
xWgZ3uBEd+L9qdheQNIqwNRhrXodpN5eNGHHPx1e3LpyzdNsT74ITIhmoGdQHoLP
tfsbMpbbmtNYuwUX8KPUxb+a2GOMv08wbNdOqL0cWLfP8JmEVpM+KypwTXl2JA+T
yI0JUHyzH7q+DLlv98QSFV0sEockXJ1iOnjmr/482LyASgXCvQKJ8Z5X5vTUBUS5
0y6O5e9Uw/m+v/WFbK3V5u9dJAGvK9jL+8HXPlpCe6joR9alhGNqQGKdkR9A3T2k
I3IVol4TuvrFkaXRduhHP1+6z30X0cJKS4MhFxZcmpUaoAviZJj/8D9agf4XVgaI
/QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 50759616790470365161134188609236859460
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-24 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'manulife.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17792165110558917412536558246893516915848107135650191073981529118534780714595459671137351310638588452171842660780413928855206907276520660401589748509773062332544524448924277672967032480848583279573321394663483510566109764098029973004480958242232891396404807973966621277948084925537456786378734539487244429632271066235989783973172081133919780132077968189658470190124176399754302816659612520396176777055975060383179140840706389736964481832476071040281989930393441755623052197466937505413455844488723778492545908206817812150974666409462164796531756319977983157726781038583866960102411568353315502491139478708928865798397
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							00c5b1b44dddad04a7f1dbccdd626109e70663cb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							016800760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b680d9ee60000040300473045022100bc6542b42d87a15da269967e3514ce70990cd60fc0499209ac341ee7da4790990220515ebd017df40662cea0719a84b288ce90c6c87333fc370e23e4b4191a4571d5007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b680d9f4700000403004730450220468b6f14fa3460ad0ce5595378815b1d595e036d377b9fcf508151789a9814f9022100ebff4e9ec71e1318d7a14ff6d71908259367a8a910856270ee36a5d3caf16d6c007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b680d9f1700000403004730450220188e7c191333d4ad3fed8f8e1a86d686e5de66b993ce0b8455924a3bf4a720cb022100ac4140470620aee15d2a69965ad45bb4bf45962544afe345a5aafcea7ec78771
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1791 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '11321.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisorcafe.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agent-stg.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'asampuat.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cafeconseiller.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdd-prod-bes.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdd-uat-bes.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetdvcacicaafnapp.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncettscacicaafnapp.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetuacacicaafnapp.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetuacacicfrtr.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.github.api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feedback.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gbpmfmo.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gbwsfederationfmo.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'github.api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'groupsavings.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'invite.manulifeghnw.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim-nonprod.dev.developer.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim-nonprod.dev.management.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim-nonprod.dev.portal.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim-nonprod.dev.scm.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim.dev.developer.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim.dev.management.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim.dev.portal.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim.dev.scm.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnstonfuturestep.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifeplan.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifepromos.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mfc.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'plateformederetroaction.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qat-grsmembers.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qat-grsprpp.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-stg.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.invite.manulifeghnw.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.manulifeplan.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.invite.manulifeghnw.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'testc.partnerlink.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tokenize-ds-t1.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tokenize-ds.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tokenize-ds.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat-grsmembers.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat-grsprpp.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'victorinsurance.manulifetravelinsurance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wmsrepo1.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wmsrepo2.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.advisorcafe.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cafeconseiller.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.feedback.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifeplan.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifepromos.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.plateformederetroaction.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.staging.epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.staging.manulifeplan.ca'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00795d253bc34b37d79f4f9d985571c4ca089f720e8020d3a644808f658ffc498687273c3ab360564b6d68963134fb42e38066e592d0d80a2ef4896f0e3492541cd1ed08e1e8e585e0b7376f739cdefabdf3ef4d3636894781d2a9da41a79e13d424e922e56e330220d164be6221e8531dafd52106111719cde7a3a699ff0c98cf52489026661b3ada19dd77c5cdf0edbea9140947092ec0086f5c71f1bc2aaec2629e467620d83c8f5d6107af21da86855e09c915d7c965e490d98c10adef10fa9f9eed016de879498906c033273ee382546cb8497922350895e20166f51f597c74dba682de1a6ee60b6d9b74d29e9a02a8a02a4b33cd8344497439594e022b5f