johnhancock.com

- Manulife Financial Corporation -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number af:43:2c:78:e5:20:b9:a8:0f:1b:0c:12:69:2d:a2:1b was issued on by Sectigo Limited.

With 88 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Manulife Financial Corporation

Organization: Manulife Financial Corporation
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): af:43:2c:78:e5:20:b9:a8:0f:1b:0c:12:69:2d:a2:1b
Serial Number (int): 232963685156195803207753444854736986651
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: e6:b6:06:bd:80:5b:d5:b1:cc:73:17:e2:82:05:d8:f6:06:e5:ec:3f
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 49:4a:34:b7:05:df:66:a8:21:ac:85:47:30:a6:ea:b2:3e:20:fe:ac
Fingerprint (sha256): 1f:6e:50:1b:7f:5e:cf:a0:05:f6:5c:a6:ae:35:99:ad:38:6e:ff:1f:2c:6a:3d:5d:90:9c:62:b8:86:a7:6c:23

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate johnhancock.com

88

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for johnhancock.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

johnhancock.com
10058.johnhancock.com
625church.com
75hawthorne.com
advisor.jhinvestment.com
advisor.jhinvestments.com
advisor.johnhancockinvestments.com
bob.jhfnjunction.com
bob.stage.jhfnjunction.com
consultants.jhinvestments.com
dcio.jhinvestments.com
dcio.johnhancockinvestments.com
dev.jhretirementcalculator.com
dev.johnhancock.com
diablotechnologypark.com
identity.bcomplete.com
internal.johnhancockinvestments.com
jh-dreamui-brokerage-stage.jhase.uat.manulife.com
jhancockannuities.com
jhancockinvestment.com
jhancockinvestments.com
jhancocknewyork.com
jhannuities.com
jhannuitiesny.com
jhannuity.com
jhapps.jhfnjunction.com
jhappsstaging.jhfnjunction.com
jhf529.com
jhinvestment.com
jhinvestments.com
jhredefininglife.com
jhretirementcalculator.com
johnhancockannuities.com
johnhancockfreedom529.com
johnhancockinvestment.com
johnhancockinvestments.com
johnhancocknewyork.com
johnhancockrealestate.com
johnhancocktravel.com
manulife-venture.com
manulifebermuda.com
manuliferealestate.com
manulifeusa.com
mi.jhinvestments.com
news.johnhancock.com
ourdifferentapproach.com
parkplacechandler.com
qa.manulifebermuda.com
ria.jhinvestments.com
ria.johnhancockinvestments.com
sales-tst-tmp.johnhancockinsurance.com
slabtownmarketplace.com
stage.identity.bcomplete.com
stage.jhretirementcalculator.com
stg-cps.jhinvestments.com
stg-tmp.jhinvestments.com
stg.jhinvestments.com
tanasbournecommercecenter.com
test.jhretirementcalculator.com
uat.johnhancocktravel.com
www.625church.com
www.75hawthorne.com
www.diablotechnologypark.com
www.jhancockannuities.com
www.jhancockinvestment.com
www.jhancockinvestments.com
www.jhannuities.com
www.jhannuitiesny.com
www.jhannuity.com
www.jhf529.com
www.jhinvestment.com
www.jhinvestments.com
www.jhredefininglife.com
www.jhretirementcalculator.com
www.johnhancockannuities.com
www.johnhancockfreedom529.com
www.johnhancockinvestment.com
www.johnhancockinvestments.com
www.johnhancockrealestate.com
www.johnhancocktravel.com
www.manulife-venture.com
www.manulifebermuda.com
www.manuliferealestate.com
www.manulifeusa.com
www.ourdifferentapproach.com
www.parkplacechandler.com
www.slabtownmarketplace.com
www.tanasbournecommercecenter.com

Other certificates including the domain name johnhancock.com

(limited to 100 certificates)
johnhancockinsurance.com
stage.identity.jhancock.com
manulife.com
rps.jhancock.com
manulife.com
uat.igpclaimreporting.jhancock.com
qa.johnhancock.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
johnhancock.com
www.jhinvestments.com
stg.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
qr.retirement.johnhancock.com
dev-tmp.jhinvestments.com
johnhancock.com
www.jhinvestments.com
manulife.com
johnhancock.com
advisorfeedbackhub.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
crverifyidentity-dev.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
instant-apply.johnhancockinsurance.com
manulife.com
manulife.com
rps.jhancock.com
instant-apply.johnhancockinsurance.com
qr.myplan.johnhancock.com
manulife.com
digital-uat.customer.johnhancock.com
myplanuat.johnhancock.com
manulife.com
www.jhinvestments.com
digital-uat.customer.johnhancock.com
personalizedretirementadvice.johnhancock.com
rps.jhancock.com
www.jhinvestments.com
johnhancock.com
secure.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
www.jhinvestments.com
manulife.com
ww4.johnhancock.com
johnhancock.com
johnhancock.com
manulife.com
preferences.johnhancock.com
qr.myplan.johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
manulife.com
jhshsm.johnhancock.com
qr.myplan.johnhancock.com
johnhancock.com
ww4.johnhancock.com
quote-uat.johnhancock.com
stg.johnhancock.com
johnhancock.com
digital.customer.johnhancock.com
johnhancock.com
johnhancockinsurance.com
johnhancock.com
retirementinfo.johnhancock.com
jhaconnect.jhannuities.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
protect.johnhancock.com
jhshsm.johnhancock.com
rps.jhancock.com
qr.retirement.johnhancock.com
manulife.com
johnhancock.com
newonboardingaugust2023.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
finapp.johnhancock.com
johnhancock.com
manulife.com
manulife.com
preferencesstg.johnhancock.com

Certificate

The complete raw certificate details for johnhancock.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIPpDCCDoygAwIBAgIRAK9DLHjlILmoDxsMEmktohswDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE
AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yNDA0MDIwMDAwMDBaFw0yNTA0MDIyMzU5NTlaMGIxCzAJBgNV
BAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMScwJQYDVQQKEx5NYW51bGlmZSBGaW5h
bmNpYWwgQ29ycG9yYXRpb24xGDAWBgNVBAMTD2pvaG5oYW5jb2NrLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMg7CAlK/VooLapMjTmTlaUJ5MrD
+xSKDYzy+BLbF4Tk6O6tPXITX8B+rODC5vz2LxEgeKTlVFx3BQCI3yLy4Np3fjP7
1Aqm28kX2Z7TXiyFrpFxC/IYqTelkMooAZcTPqmLqqWZQHzUSJCpWUp3dCxr8f+e
mEkMrEosAVnl+pAIHYkoWx3XU+XmLqWsn0KKW7oitOpN5zCV9DA74Vkag1Zd3VT/
JaT5Eltd+T7O3+hqBwoGaFv5Vqc0zUWdICx4twL3xc8/9yDnD35/ivgCE4TLGNYf
MvWzgENW2xtII6b9rhkoYqoAj30e/UGOUmv+M9ouqxro5cNZOP+4TTGX9msCAwEA
AaOCDB8wggwbMB8GA1UdIwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1Ud
DgQWBBTmtga9gFvVscxzF+KCBdj2BuXsPzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMw
QTA1BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdv
LmNvbS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwu
c2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1
cmVTZXJ2ZXJDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0
cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRh
dGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
c2VjdGlnby5jb20wggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB2AM8RVu7VLnyv
84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABjqAvg/AAAAQDAEcwRQIhAP4Mde8G
4QgJzltRHLmwCQWHdw/ZX1sX8olt9fQ8yo/fAiAluhzJDVswl0vrYDes39fBscB2
Ynr3vT8EXe6RbYjsPQB1AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfn
AAABjqAvg88AAAQDAEYwRAIgHbberBnUi55NI/domuzv4uRjmZV4yLtnEvAcQ577
rCECIDoUzPJhnRcMvLB9Byb3gmcjVZJrPuAE6P1ZSrmTpI8TAHUATnWjJ1yaEMM4
W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGOoC+D0AAABAMARjBEAiBtHHc4XBjP
pW3a5F53NcYRH2ziO8QCj/18kewGhdySBAIgdmgRb6HPfXweSgGNqs2K7tbILv1W
UZhIClCdQ2i11IwwggjlBgNVHREEggjcMIII2IIPam9obmhhbmNvY2suY29tghUx
MDA1OC5qb2huaGFuY29jay5jb22CDTYyNWNodXJjaC5jb22CDzc1aGF3dGhvcm5l
LmNvbYIYYWR2aXNvci5qaGludmVzdG1lbnQuY29tghlhZHZpc29yLmpoaW52ZXN0
bWVudHMuY29tgiJhZHZpc29yLmpvaG5oYW5jb2NraW52ZXN0bWVudHMuY29tghRi
b2Iuamhmbmp1bmN0aW9uLmNvbYIaYm9iLnN0YWdlLmpoZm5qdW5jdGlvbi5jb22C
HWNvbnN1bHRhbnRzLmpoaW52ZXN0bWVudHMuY29tghZkY2lvLmpoaW52ZXN0bWVu
dHMuY29tgh9kY2lvLmpvaG5oYW5jb2NraW52ZXN0bWVudHMuY29tgh5kZXYuamhy
ZXRpcmVtZW50Y2FsY3VsYXRvci5jb22CE2Rldi5qb2huaGFuY29jay5jb22CGGRp
YWJsb3RlY2hub2xvZ3lwYXJrLmNvbYIWaWRlbnRpdHkuYmNvbXBsZXRlLmNvbYIj
aW50ZXJuYWwuam9obmhhbmNvY2tpbnZlc3RtZW50cy5jb22CMWpoLWRyZWFtdWkt
YnJva2VyYWdlLXN0YWdlLmpoYXNlLnVhdC5tYW51bGlmZS5jb22CFWpoYW5jb2Nr
YW5udWl0aWVzLmNvbYIWamhhbmNvY2tpbnZlc3RtZW50LmNvbYIXamhhbmNvY2tp
bnZlc3RtZW50cy5jb22CE2poYW5jb2NrbmV3eW9yay5jb22CD2poYW5udWl0aWVz
LmNvbYIRamhhbm51aXRpZXNueS5jb22CDWpoYW5udWl0eS5jb22CF2poYXBwcy5q
aGZuanVuY3Rpb24uY29tgh5qaGFwcHNzdGFnaW5nLmpoZm5qdW5jdGlvbi5jb22C
CmpoZjUyOS5jb22CEGpoaW52ZXN0bWVudC5jb22CEWpoaW52ZXN0bWVudHMuY29t
ghRqaHJlZGVmaW5pbmdsaWZlLmNvbYIaamhyZXRpcmVtZW50Y2FsY3VsYXRvci5j
b22CGGpvaG5oYW5jb2NrYW5udWl0aWVzLmNvbYIZam9obmhhbmNvY2tmcmVlZG9t
NTI5LmNvbYIZam9obmhhbmNvY2tpbnZlc3RtZW50LmNvbYIaam9obmhhbmNvY2tp
bnZlc3RtZW50cy5jb22CFmpvaG5oYW5jb2NrbmV3eW9yay5jb22CGWpvaG5oYW5j
b2NrcmVhbGVzdGF0ZS5jb22CFWpvaG5oYW5jb2NrdHJhdmVsLmNvbYIUbWFudWxp
ZmUtdmVudHVyZS5jb22CE21hbnVsaWZlYmVybXVkYS5jb22CFm1hbnVsaWZlcmVh
bGVzdGF0ZS5jb22CD21hbnVsaWZldXNhLmNvbYIUbWkuamhpbnZlc3RtZW50cy5j
b22CFG5ld3Muam9obmhhbmNvY2suY29tghhvdXJkaWZmZXJlbnRhcHByb2FjaC5j
b22CFXBhcmtwbGFjZWNoYW5kbGVyLmNvbYIWcWEubWFudWxpZmViZXJtdWRhLmNv
bYIVcmlhLmpoaW52ZXN0bWVudHMuY29tgh5yaWEuam9obmhhbmNvY2tpbnZlc3Rt
ZW50cy5jb22CJnNhbGVzLXRzdC10bXAuam9obmhhbmNvY2tpbnN1cmFuY2UuY29t
ghdzbGFidG93bm1hcmtldHBsYWNlLmNvbYIcc3RhZ2UuaWRlbnRpdHkuYmNvbXBs
ZXRlLmNvbYIgc3RhZ2UuamhyZXRpcmVtZW50Y2FsY3VsYXRvci5jb22CGXN0Zy1j
cHMuamhpbnZlc3RtZW50cy5jb22CGXN0Zy10bXAuamhpbnZlc3RtZW50cy5jb22C
FXN0Zy5qaGludmVzdG1lbnRzLmNvbYIddGFuYXNib3VybmVjb21tZXJjZWNlbnRl
ci5jb22CH3Rlc3QuamhyZXRpcmVtZW50Y2FsY3VsYXRvci5jb22CGXVhdC5qb2hu
aGFuY29ja3RyYXZlbC5jb22CEXd3dy42MjVjaHVyY2guY29tghN3d3cuNzVoYXd0
aG9ybmUuY29tghx3d3cuZGlhYmxvdGVjaG5vbG9neXBhcmsuY29tghl3d3cuamhh
bmNvY2thbm51aXRpZXMuY29tghp3d3cuamhhbmNvY2tpbnZlc3RtZW50LmNvbYIb
d3d3LmpoYW5jb2NraW52ZXN0bWVudHMuY29tghN3d3cuamhhbm51aXRpZXMuY29t
ghV3d3cuamhhbm51aXRpZXNueS5jb22CEXd3dy5qaGFubnVpdHkuY29tgg53d3cu
amhmNTI5LmNvbYIUd3d3LmpoaW52ZXN0bWVudC5jb22CFXd3dy5qaGludmVzdG1l
bnRzLmNvbYIYd3d3LmpocmVkZWZpbmluZ2xpZmUuY29tgh53d3cuamhyZXRpcmVt
ZW50Y2FsY3VsYXRvci5jb22CHHd3dy5qb2huaGFuY29ja2FubnVpdGllcy5jb22C
HXd3dy5qb2huaGFuY29ja2ZyZWVkb201MjkuY29tgh13d3cuam9obmhhbmNvY2tp
bnZlc3RtZW50LmNvbYIed3d3LmpvaG5oYW5jb2NraW52ZXN0bWVudHMuY29tgh13
d3cuam9obmhhbmNvY2tyZWFsZXN0YXRlLmNvbYIZd3d3LmpvaG5oYW5jb2NrdHJh
dmVsLmNvbYIYd3d3Lm1hbnVsaWZlLXZlbnR1cmUuY29tghd3d3cubWFudWxpZmVi
ZXJtdWRhLmNvbYIad3d3Lm1hbnVsaWZlcmVhbGVzdGF0ZS5jb22CE3d3dy5tYW51
bGlmZXVzYS5jb22CHHd3dy5vdXJkaWZmZXJlbnRhcHByb2FjaC5jb22CGXd3dy5w
YXJrcGxhY2VjaGFuZGxlci5jb22CG3d3dy5zbGFidG93bm1hcmtldHBsYWNlLmNv
bYIhd3d3LnRhbmFzYm91cm5lY29tbWVyY2VjZW50ZXIuY29tMA0GCSqGSIb3DQEB
CwUAA4IBAQCG1x51zUjrxmtE4LYUPJCRQYSq7y2uHXJ1rVaqcQMSmzS3jo3LNz+E
bQtjHWOLpB6bO85Bnnfjn+y75w3S1dVHgn8BBdru6ksBF4F+QCakKC9zk0IbfoEj
IQCf8UJbZUSGMjh2AbFixmUmwtSL+/JLdKayGUCowHzJ+0+X3ZVYcrKCxELrRJt3
a2AoknizpecEVbTDk9wXA61fK5tBtiwjuD3mzgE0UhtlYQp8Tqfw7vUpdkNJZgZm
NIRCreWe5L+1OKd2KfKqGYVhnIi1l/3HP82oCURF3LOBhYRxIgtN2DAR4kNPgeG3
zOaWN9ys18OKH1gPeC+lTGAW5FhibVod
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDsICUr9WigtqkyNOZOV
pQnkysP7FIoNjPL4EtsXhOTo7q09chNfwH6s4MLm/PYvESB4pOVUXHcFAIjfIvLg
2nd+M/vUCqbbyRfZntNeLIWukXEL8hipN6WQyigBlxM+qYuqpZlAfNRIkKlZSnd0
LGvx/56YSQysSiwBWeX6kAgdiShbHddT5eYupayfQopbuiK06k3nMJX0MDvhWRqD
Vl3dVP8lpPkSW135Ps7f6GoHCgZoW/lWpzTNRZ0gLHi3AvfFzz/3IOcPfn+K+AIT
hMsY1h8y9bOAQ1bbG0gjpv2uGShiqgCPfR79QY5Sa/4z2i6rGujlw1k4/7hNMZf2
awIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 232963685156195803207753444854736986651
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-02 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'johnhancock.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25276770457432318304883109042134587962593449675790029531121319672624271670438424392149666038827866914936853795986166927754477044243488250156184712620150087691870864575275920551778694438343105736742253870120328177585895140009918216506992650649459799405232159218983126384938402795162344527422366819117358029212061054276615429425331695477032151595813958217293470762766266352873603874058093555549833517507740053065652707590638671620371979544015356323813684997077862010554921628764768172689307436029475384389417047929861964876328553674714828020436720178477173839599639911128504172843431954708949449844416788423396191368811
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e6b606bd805bd5b1cc7317e28205d8f606e5ec3f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							0166007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018ea02f83f00000040300473045022100fe0c75ef06e10809ce5b511cb9b0090587770fd95f5b17f2896df5f43cca8fdf022025ba1cc90d5b30974beb6037acdfd7c1b1c076627af7bd3f045dee916d88ec3d007500a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018ea02f83cf000004030046304402201db6deac19d48b9e4d23f7689aecefe2e463999578c8bb6712f01c439efbac2102203a14ccf2619d170cbcb07d0726f782672355926b3ee004e8fd594ab993a48f130075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018ea02f83d0000004030046304402206d1c77385c18cfa56ddae45e7735c6111f6ce23bc4028ffd7c91ec0685dc920402207668116fa1cf7d7c1e4a018daacd8aeed6c82efd565198480a509d4368b5d48c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2268 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '10058.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '625church.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '75hawthorne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor.jhinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bob.jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bob.stage.jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'consultants.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dcio.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dcio.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'diablotechnologypark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'identity.bcomplete.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'internal.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jh-dreamui-brokerage-stage.jhase.uat.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancocknewyork.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhannuitiesny.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhannuity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapps.jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhappsstaging.jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhf529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhredefininglife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockfreedom529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancocknewyork.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockrealestate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancocktravel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife-venture.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manuliferealestate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifeusa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mi.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'news.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ourdifferentapproach.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'parkplacechandler.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ria.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ria.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-tst-tmp.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'slabtownmarketplace.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.identity.bcomplete.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg-cps.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg-tmp.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tanasbournecommercecenter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.johnhancocktravel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.625church.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.75hawthorne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.diablotechnologypark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhannuitiesny.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhannuity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhf529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhredefininglife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockfreedom529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockrealestate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancocktravel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulife-venture.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manuliferealestate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifeusa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ourdifferentapproach.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.parkplacechandler.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.slabtownmarketplace.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tanasbournecommercecenter.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0086d71e75cd48ebc66b44e0b6143c90914184aaef2dae1d7275ad56aa7103129b34b78e8dcb373f846d0b631d638ba41e9b3bce419e77e39fecbbe70dd2d5d547827f0105daeeea4b0117817e4026a4282f7393421b7e812321009ff1425b65448632387601b162c66526c2d48bfbf24b74a6b21940a8c07cc9fb4f97dd955872b282c442eb449b776b60289278b3a5e70455b4c393dc1703ad5f2b9b41b62c23b83de6ce0134521b65610a7c4ea7f0eef529764349660666348442ade59ee4bfb538a77629f2aa1985619c88b597fdc73fcda8094445dcb381858471220b4dd83011e2434f81e1b7cce69637dcacd7c38a1f580f782fa54c6016e458626d5a1d