manulife.com

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 41:a1:4d:ff:03:e5:24:f9:31:23:90:60:23:f3:e5:1a was issued on by Sectigo Limited.

With 48 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 41:a1:4d:ff:03:e5:24:f9:31:23:90:60:23:f3:e5:1a
Serial Number (int): 87237361470170034947098874542009083162
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: f2:09:f4:e0:f1:e5:9e:67:39:0c:ac:d7:6e:c1:0a:d6:45:da:03:bf
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 0c:03:68:f9:36:47:68:c3:72:ab:94:2b:6f:a2:51:ce:05:5f:f8:d0
Fingerprint (sha256): 3f:38:3c:79:eb:8a:07:12:6c:a1:1f:1e:75:92:21:f1:6a:56:c1:07:96:1e:c6:79:5f:1b:71:14:d4:79:2c:c1

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate manulife.com

48

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for manulife.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

manulife.com
11321.manulife.com
advisorcafe.ca
agent-stg.johnhancockinsurance.com
api.manulife.com
cafeconseiller.ca
cdncetdvcacicaafnapp.manulife.io
cdncetuacacicfrtr.manulife.io
dev.github.api.manulife.com
dpcon.manulifesecurities.ca
dpmobilemsi.manulifesecurities.ca
dpmobilemsii.manulifesecurities.ca
dpmobilemsisi.manulifesecurities.ca
dpmobileppd.manulifesecurities.ca
dprc.manulifesecurities.ca
edi-designer.manulife.ca
edi-hotfix-designer.manulife.ca
edi-preprod-designer.manulife.ca
edi-staging-designer.manulife.ca
edi-uat-designer.manulife.ca
github.api.manulife.com
groupsavings.manulife.com
johnstonfuturestep.manulife.ca
manulifeprpp.com
mfc.manulife.com
mfcentral.manulife.com
prosceniumatl.com
qat-grsmembers.manulife.com
qat-grsprpp.manulife.com
sales-stg.manulifebermuda.com
stage.identity.johnhancock.com
staging.epargnemanuvie.ca
staging.manulifeplan.ca
test.identity.jhancock.com
test.identity.johnhancock.com
test.jhannuities.com
testc.partnerlink.jhancock.com
uat-grsmembers.manulife.com
uat-grsprpp.manulife.com
victorinsurance.manulifetravelinsurance.ca
wmsrepo1.manulife.com
wmsrepo2.manulife.com
www.advisorcafe.ca
www.cafeconseiller.ca
www.epargnemanuvie.ca
www.manulifeplan.ca
www.manulifeprpp.com
www.prosceniumatl.com

Other certificates including the domain name manulife.com

(limited to 100 certificates)
mlisxivg01.manulife.com
manulife.com
nasbfepool02.mfcgd.com
mfcentral.manulife.com
api1.np.ca.manulife.com
idwicrmapd01.mlijkt01.manulife.com
manulife.com
manulife.com
aidp.manulife.com
azalvedlwrkdp10.p01eaedl.manulife.com
manulife.com
client.manulifebank.com
rps.jhancock.com
manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
hermes.manulife.com
manulife.com
clbs37841.manulife.com
internal.mesh.test.api.manulife.com
azcedlwrks003.s01caedl.manulife.com
manulife.com
cdcwvjhpwast21.americas.manulife.net
daily.manulife.com.vn
click.e.manulife.com
sft.institutional.manulife.com
johnhancock.com
manulife.com
sts.manulife.com
manulife.com
azslvedlmgtdd01.d01saedl.manulife.com
idwicrmapt21.mlijkt01.manulife.com
idwcasp.ap.manulife.com
mfcentral.manulife.com
manulife.com
view-e-ds.manulife.com
idwelems01.mlijkt01.manulife.com
druglookup-client.manulife.com
mfcentral.manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
www-aem-prod.manulife.ca
insttrip.manulife.com
manulife.com
dbpartners.manulife.com
idwinetapt01.mlijkt01.manulife.com
asiacitrix.manulife.com
arrowonramp.manulife.com
manulife.com
qitsso-uat.manulife.com
manulife.com
sf.cac.internal.mesh.dev.api.manulife.com
manulife.com
giam-qa.manulife.com
manulife.com
cconprem.manulife.com
manulife.com
manulife.com
manulife.com
idp.grsportal.ca.manulife.com
manulife.com
insanalyticsdev01.manulife.com
awsuat.manulife.com.kh
idwiqmtapp01.mlijkt01.manulife.com
johnhancock.com
manulife.com
manulife.com
myasoaibp2.ap.manulife.com
remotejp2.manulife.com
johnhancock.com
sharepoint-int.ap.manulife.com
mlifs900g01.manulife.com
nasbaccess01.manulife.com
jhappsstaging-tst.aks.manulife.com
manulife.com
manulife.com
crverifyidentity-dev.johnhancock.com
manulife.com
jpnhoapt09.japan.corp.manulife.com
client.manulifebank.com
preprod.mtls.api.manulife.com
manulife.com
idwietsisft05.mlijkt01.manulife.com
remotehk.manulife.com
azcedledges001.s01caedl.manulife.com
idwcas4tap.ap.manulife.com
manulife.com
mlixnbarplzvnaca.manulife.com
manulife.com
manulife.com
druglookup-client.manulife.com
pcf.manulife.com
proxy.auw.my.underwriting.manulife.com
manulife.com
johnhancock.com
manulife.com
financeit.devsit202201.manulife.com
tw-ssg-fw1.manulife.com
advisor.manulife.ca
azwapnwasm01.mfcgd.com
azuedldbo01.p01usedl.manulife.com
edge.prod-ext.api.manulife.com

Certificate

The complete raw certificate details for manulife.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIILzjCCCragAwIBAgIQQaFN/wPlJPkxI5BgI/PlGjANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTIzMDEwMzAwMDAwMFoXDTI0MDEwMzIzNTk1OVowUzELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xGzAZBgNVBAoTEk1hbnVsaWZlIEZpbmFu
Y2lhbDEVMBMGA1UEAxMMbWFudWxpZmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA3UaOVa1VCfdeJc3+wB5KRKiYTrrMNl0SpSPxMyrfdiOxba8r
G848ESqelukpeZwxkrYqe1uONhvzumIQo8ffk/P2pdwPVCY4qSX08jcGY6w7UFEM
ALfSUGtJMg2I8o7PkVw8m9I4NNjGu6TLZsjoruLdx9St2OienPYKrVERVyERyrvf
nl3xpVemWGkpFKzFXg4kYqOW9HxKr4SpXcJeIaKn6mEM8wy9SQOvSuFPdguDYjmg
QIV/HdXzzpjQ+NfUYi9b6WfadpzOTecSN8zhWy5tpTc+APrbTjdvL5LTKe9Mmtc4
Er1Gup/A9XdadYQ2TVjMLVrhjD31BdddUQFJmQIDAQABo4IIWTCCCFUwHwYDVR0j
BBgwFoAUF9nWJSdn+THCSUPZMDZEjGypT+swHQYDVR0OBBYEFPIJ9ODx5Z5nOQys
127BCtZF2gO/MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBBMDUGDCsGAQQBsjEBAgED
BDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwB
AgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0
aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCB
igYIKwYBBQUHAQEEfjB8MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LnNlY3RpZ28u
Y29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVy
Q0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTCCAX0G
CisGAQQB1nkCBAIEggFtBIIBaQFnAHcAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhC
Cp/mZ0xaOnQAAAGFd7KUiQAABAMASDBGAiEArDcL75HlP/gKvx1zj0u0Y7rJbO84
6bj//wNUxX9RiqMCIQCM6X4Q2tRhC55hQ3QxPf7JIxxDrnE1uq/WL+1pFOpkdAB1
ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABhXeylEwAAAQDAEYw
RAIgKo1SjR7kSQvg5yl2s8Xh0ytjunN/rH4RvprwOQc8JQYCIAhKGBFOCQ9Lj+OH
8k+CQki+eKCNWKbv40UlJKpdJgTsAHUA7s3QZNXbGs7FXLedtM0TojKHRny87N7D
UUhZRnEftZsAAAGFd7KUIwAABAMARjBEAiBVBeKRROUCnXwKuL+dRqFn+8gu1fzx
QDdW2jWjyfIwYQIgQOgIP/gkEEHbs4u6buTckYJHoHPpW6KHL+7CsIv9njcwggUe
BgNVHREEggUVMIIFEYIMbWFudWxpZmUuY29tghIxMTMyMS5tYW51bGlmZS5jb22C
DmFkdmlzb3JjYWZlLmNhgiJhZ2VudC1zdGcuam9obmhhbmNvY2tpbnN1cmFuY2Uu
Y29tghBhcGkubWFudWxpZmUuY29tghFjYWZlY29uc2VpbGxlci5jYYIgY2RuY2V0
ZHZjYWNpY2FhZm5hcHAubWFudWxpZmUuaW+CHWNkbmNldHVhY2FjaWNmcnRyLm1h
bnVsaWZlLmlvghtkZXYuZ2l0aHViLmFwaS5tYW51bGlmZS5jb22CG2RwY29uLm1h
bnVsaWZlc2VjdXJpdGllcy5jYYIhZHBtb2JpbGVtc2kubWFudWxpZmVzZWN1cml0
aWVzLmNhgiJkcG1vYmlsZW1zaWkubWFudWxpZmVzZWN1cml0aWVzLmNhgiNkcG1v
YmlsZW1zaXNpLm1hbnVsaWZlc2VjdXJpdGllcy5jYYIhZHBtb2JpbGVwcGQubWFu
dWxpZmVzZWN1cml0aWVzLmNhghpkcHJjLm1hbnVsaWZlc2VjdXJpdGllcy5jYYIY
ZWRpLWRlc2lnbmVyLm1hbnVsaWZlLmNhgh9lZGktaG90Zml4LWRlc2lnbmVyLm1h
bnVsaWZlLmNhgiBlZGktcHJlcHJvZC1kZXNpZ25lci5tYW51bGlmZS5jYYIgZWRp
LXN0YWdpbmctZGVzaWduZXIubWFudWxpZmUuY2GCHGVkaS11YXQtZGVzaWduZXIu
bWFudWxpZmUuY2GCF2dpdGh1Yi5hcGkubWFudWxpZmUuY29tghlncm91cHNhdmlu
Z3MubWFudWxpZmUuY29tgh5qb2huc3RvbmZ1dHVyZXN0ZXAubWFudWxpZmUuY2GC
EG1hbnVsaWZlcHJwcC5jb22CEG1mYy5tYW51bGlmZS5jb22CFm1mY2VudHJhbC5t
YW51bGlmZS5jb22CEXByb3NjZW5pdW1hdGwuY29tghtxYXQtZ3JzbWVtYmVycy5t
YW51bGlmZS5jb22CGHFhdC1ncnNwcnBwLm1hbnVsaWZlLmNvbYIdc2FsZXMtc3Rn
Lm1hbnVsaWZlYmVybXVkYS5jb22CHnN0YWdlLmlkZW50aXR5LmpvaG5oYW5jb2Nr
LmNvbYIZc3RhZ2luZy5lcGFyZ25lbWFudXZpZS5jYYIXc3RhZ2luZy5tYW51bGlm
ZXBsYW4uY2GCGnRlc3QuaWRlbnRpdHkuamhhbmNvY2suY29tgh10ZXN0LmlkZW50
aXR5LmpvaG5oYW5jb2NrLmNvbYIUdGVzdC5qaGFubnVpdGllcy5jb22CHnRlc3Rj
LnBhcnRuZXJsaW5rLmpoYW5jb2NrLmNvbYIbdWF0LWdyc21lbWJlcnMubWFudWxp
ZmUuY29tghh1YXQtZ3JzcHJwcC5tYW51bGlmZS5jb22CKnZpY3Rvcmluc3VyYW5j
ZS5tYW51bGlmZXRyYXZlbGluc3VyYW5jZS5jYYIVd21zcmVwbzEubWFudWxpZmUu
Y29tghV3bXNyZXBvMi5tYW51bGlmZS5jb22CEnd3dy5hZHZpc29yY2FmZS5jYYIV
d3d3LmNhZmVjb25zZWlsbGVyLmNhghV3d3cuZXBhcmduZW1hbnV2aWUuY2GCE3d3
dy5tYW51bGlmZXBsYW4uY2GCFHd3dy5tYW51bGlmZXBycHAuY29tghV3d3cucHJv
c2Nlbml1bWF0bC5jb20wDQYJKoZIhvcNAQELBQADggEBABuGbxlgwq/MwI9PkUfV
55ThhePvPSivvkL292gEaPW1bVOJTBQgHnqhQeJ5Ka5OQJIgxbqvu/5G8dzVwzk9
V5KI4WRZmqAgfPDFXUidM8iuvF7xjCktZEjS2kGgezBW9zg6SYFxtg1tlpq1fRsg
0qafP6f7pfrLADsCTHeQQWx/4piMISpe+gA/Ow0COwb1m7Mkq7wp8jg+QNsc1oIy
QsRLXPqcDdKeIuRffczuE8X0kzFwqNgYZJgTmr+r489lihQef+wMJONF5/Luy06O
VKOwRHfUvbwBv674WcUsRbLN2+odYh4H/wbmSY+9EHryiJAv0XczQPex3l4GfHub
KVQ=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UaOVa1VCfdeJc3+wB5K
RKiYTrrMNl0SpSPxMyrfdiOxba8rG848ESqelukpeZwxkrYqe1uONhvzumIQo8ff
k/P2pdwPVCY4qSX08jcGY6w7UFEMALfSUGtJMg2I8o7PkVw8m9I4NNjGu6TLZsjo
ruLdx9St2OienPYKrVERVyERyrvfnl3xpVemWGkpFKzFXg4kYqOW9HxKr4SpXcJe
IaKn6mEM8wy9SQOvSuFPdguDYjmgQIV/HdXzzpjQ+NfUYi9b6WfadpzOTecSN8zh
Wy5tpTc+APrbTjdvL5LTKe9Mmtc4Er1Gup/A9XdadYQ2TVjMLVrhjD31BdddUQFJ
mQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 87237361470170034947098874542009083162
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'manulife.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27933457855281535584577971939185026331465078081443450826960585388547826619587369933856894332098587873224446150550970561283331090513872649057736214447098592683350937363262294277296956750755427060268736020646748920198851489386998515621358132528936307571282536652051528315403031427532406435658537884785098476987163854616165928124282510708029258569437236179458922901934174434644911239408176985920039488377242454250127694812690055046044112776390283618399496547076630821808746531379815418776595772495874473756762164821671607352238852398267481500293806993173131378014229738741566986378245896498352993913482837265941960673689
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f209f4e0f1e59e67390cacd76ec10ad645da03bf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							016700770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018577b294890000040300483046022100ac370bef91e53ff80abf1d738f4bb463bac96cef38e9b8ffff0354c57f518aa30221008ce97e10dad4610b9e614374313dfec9231c43ae7135baafd62fed6914ea6474007500dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018577b2944c000004030046304402202a8d528d1ee4490be0e72976b3c5e1d32b63ba737fac7e11be9af039073c25060220084a18114e090f4b8fe387f24f824248be78a08d58a6efe3452524aa5d2604ec007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018577b29423000004030046304402205505e29144e5029d7c0ab8bf9d46a167fbc82ed5fcf1403756da35a3c9f23061022040e8083ff8241041dbb38bba6ee4dc918247a073e95ba2872feec2b08bfd9e37
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1301 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '11321.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisorcafe.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agent-stg.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cafeconseiller.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetdvcacicaafnapp.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetuacacicfrtr.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.github.api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpcon.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpmobilemsi.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpmobilemsii.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpmobilemsisi.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpmobileppd.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dprc.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-hotfix-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-preprod-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-staging-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-uat-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'github.api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'groupsavings.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnstonfuturestep.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifeprpp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mfc.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mfcentral.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prosceniumatl.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qat-grsmembers.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qat-grsprpp.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-stg.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.manulifeplan.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'testc.partnerlink.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat-grsmembers.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat-grsprpp.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'victorinsurance.manulifetravelinsurance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wmsrepo1.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wmsrepo2.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.advisorcafe.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cafeconseiller.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifeplan.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifeprpp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.prosceniumatl.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001b866f1960c2afccc08f4f9147d5e794e185e3ef3d28afbe42f6f7680468f5b56d53894c14201e7aa141e27929ae4e409220c5baafbbfe46f1dcd5c3393d579288e164599aa0207cf0c55d489d33c8aebc5ef18c292d6448d2da41a07b3056f7383a498171b60d6d969ab57d1b20d2a69f3fa7fba5facb003b024c7790416c7fe2988c212a5efa003f3b0d023b06f59bb324abbc29f2383e40db1cd6823242c44b5cfa9c0dd29e22e45f7dccee13c5f4933170a8d8186498139abfabe3cf658a141e7fec0c24e345e7f2eecb4e8e54a3b04477d4bdbc01bfaef859c52c45b2cddbea1d621e07ff06e6498fbd107af288902fd1773340f7b1de5e067c7b9b2954