johnhancock.com

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 0e:ee:88:3c:38:9e:0f:0f:38:6a:7c:bd:49:38:95:df was issued on by Sectigo Limited.

With 40 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
Organization unit: Global Infrastructure
Organization unit: Multi-Domain SSL
Address: 200 Bloor Street East
Postal code: M4W 1E5
State / Province: Ontario
Locality: Toronto
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 0e:ee:88:3c:38:9e:0f:0f:38:6a:7c:bd:49:38:95:df
Serial Number (int): 19847721772238200625039507583678322143
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: ff:f7:ba:69:8c:de:2f:3e:81:e2:18:e0:33:4f:7d:69:98:08:e5:e5
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): b1:13:dd:a1:07:76:50:88:6c:82:ef:7c:be:24:66:a2:cf:36:39:f5
Fingerprint (sha256): 4d:1d:69:18:3b:97:7d:81:f3:ad:7b:90:3c:8e:4a:36:bd:a2:d4:4f:65:87:ff:e1:c1:67:a9:2a:67:35:31:ae

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate johnhancock.com

40

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for johnhancock.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

johnhancock.com
11514.johnhancock.com
advisor.johnhancockinvestments.com
author-dev.johnhancock.com
author-qa.johnhancock.com
author-stg.johnhancock.com
author.johnhancock.com
authoring.jhfnjunction.com
consultants.johnhancockinvestments.com
dcio.johnhancockinvestments.com
ideahub.johnhancock.com
internal.johnhancockinvestments.com
jhancockannuities.com
jhancockinvestment.com
jhancockinvestments.com
jhancocknewyork.com
jhannuitiesny.com
jhannuity.com
jhf529.com
jhfnjunction.com
jhfreedom529.com
jhfunds.com
jhinvestment.com
jhinvestments.com
johnhancockannuities.com
johnhancockfreedom529.com
johnhancockinvestment.com
johnhancockinvestments.com
johnhancocknewyork.com
manulife-venture.com
manulifebermuda.com
manulifehongkong.com
manulifeusa.com
mas.jhancock.com
ourdifferentapproach.com
partnerlink.jhancock.com
ria.johnhancockinvestments.com
stage-termlife.johnhancockinsurance.com
usc.jhancock.com
www.johnhancockinvestments.com

Other certificates including the domain name johnhancock.com

(limited to 100 certificates)
johnhancockinsurance.com
stage.identity.jhancock.com
manulife.com
rps.jhancock.com
manulife.com
uat.igpclaimreporting.jhancock.com
qa.johnhancock.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
johnhancock.com
www.jhinvestments.com
stg.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
qr.retirement.johnhancock.com
dev-tmp.jhinvestments.com
johnhancock.com
www.jhinvestments.com
manulife.com
johnhancock.com
advisorfeedbackhub.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
crverifyidentity-dev.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
instant-apply.johnhancockinsurance.com
manulife.com
manulife.com
rps.jhancock.com
instant-apply.johnhancockinsurance.com
qr.myplan.johnhancock.com
manulife.com
digital-uat.customer.johnhancock.com
myplanuat.johnhancock.com
manulife.com
www.jhinvestments.com
digital-uat.customer.johnhancock.com
personalizedretirementadvice.johnhancock.com
rps.jhancock.com
www.jhinvestments.com
johnhancock.com
secure.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
www.jhinvestments.com
manulife.com
ww4.johnhancock.com
johnhancock.com
johnhancock.com
manulife.com
preferences.johnhancock.com
qr.myplan.johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
manulife.com
jhshsm.johnhancock.com
qr.myplan.johnhancock.com
johnhancock.com
ww4.johnhancock.com
quote-uat.johnhancock.com
stg.johnhancock.com
johnhancock.com
digital.customer.johnhancock.com
johnhancock.com
johnhancockinsurance.com
johnhancock.com
retirementinfo.johnhancock.com
jhaconnect.jhannuities.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
protect.johnhancock.com
jhshsm.johnhancock.com
rps.jhancock.com
qr.retirement.johnhancock.com
manulife.com
johnhancock.com
newonboardingaugust2023.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
finapp.johnhancock.com
johnhancock.com
manulife.com
manulife.com
preferencesstg.johnhancock.com

Certificate

The complete raw certificate details for johnhancock.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJpjCCCI6gAwIBAgIQDu6IPDieDw84any9STiV3zANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTE5MTAwMzAwMDAwMFoXDTIxMTAwMjIzNTk1OVowgdUxCzAJBgNV
BAYTAkNBMRAwDgYDVQQREwdNNFcgMUU1MRAwDgYDVQQIEwdPbnRhcmlvMRAwDgYD
VQQHEwdUb3JvbnRvMR4wHAYDVQQJExUyMDAgQmxvb3IgU3RyZWV0IEVhc3QxGzAZ
BgNVBAoTEk1hbnVsaWZlIEZpbmFuY2lhbDEeMBwGA1UECxMVR2xvYmFsIEluZnJh
c3RydWN0dXJlMRkwFwYDVQQLExBNdWx0aS1Eb21haW4gU1NMMRgwFgYDVQQDEw9q
b2huaGFuY29jay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl
GLv6DGIkrB/eWLYkArcoEU43F5+gthl7u08FJYSFw7eTdn88LsibSMBWUm4Cvkv1
a7gZQ3c6mSlgnvM99n667KGyoNPUdANRFi12DGS5IhyfoOXPSbHVPvnbhV2SHBKW
bkRguR3NFZc71pzk1GOFW5WDRJYGwPwMgEPW9cKe8n7vkMFmNESbd7C1QqnFSRm4
F2ok/+YbXy0foUCrxBMfb1AzVCoswJzMzr5/Dx9oZUrPlIWN/MIBG2GKNvF7T8kw
8P3gJdE93hW0szgh6HJTp7A2gqhaIfr2Qb2XqO7UEDigl9qwTxpI4tPwxMk1FlZv
AFrvPqjp+FOhi1NnxlPrAgMBAAGjggWuMIIFqjAfBgNVHSMEGDAWgBQX2dYlJ2f5
McJJQ9kwNkSMbKlP6zAdBgNVHQ4EFgQU//e6aYzeLz6B4hjgM099aZgI5eUwDgYD
VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMEMCUwIwYIKwYBBQUH
AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBR
ME+gTaBLhklodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6
YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGKBggrBgEFBQcBAQR+
MHwwVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JT
QU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYB
BQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMBMGCisGAQQB1nkCBAMBAf8E
AgUAMIID3wYDVR0RBIID1jCCA9KCD2pvaG5oYW5jb2NrLmNvbYIVMTE1MTQuam9o
bmhhbmNvY2suY29tgiJhZHZpc29yLmpvaG5oYW5jb2NraW52ZXN0bWVudHMuY29t
ghphdXRob3ItZGV2LmpvaG5oYW5jb2NrLmNvbYIZYXV0aG9yLXFhLmpvaG5oYW5j
b2NrLmNvbYIaYXV0aG9yLXN0Zy5qb2huaGFuY29jay5jb22CFmF1dGhvci5qb2hu
aGFuY29jay5jb22CGmF1dGhvcmluZy5qaGZuanVuY3Rpb24uY29tgiZjb25zdWx0
YW50cy5qb2huaGFuY29ja2ludmVzdG1lbnRzLmNvbYIfZGNpby5qb2huaGFuY29j
a2ludmVzdG1lbnRzLmNvbYIXaWRlYWh1Yi5qb2huaGFuY29jay5jb22CI2ludGVy
bmFsLmpvaG5oYW5jb2NraW52ZXN0bWVudHMuY29tghVqaGFuY29ja2FubnVpdGll
cy5jb22CFmpoYW5jb2NraW52ZXN0bWVudC5jb22CF2poYW5jb2NraW52ZXN0bWVu
dHMuY29tghNqaGFuY29ja25ld3lvcmsuY29tghFqaGFubnVpdGllc255LmNvbYIN
amhhbm51aXR5LmNvbYIKamhmNTI5LmNvbYIQamhmbmp1bmN0aW9uLmNvbYIQamhm
cmVlZG9tNTI5LmNvbYILamhmdW5kcy5jb22CEGpoaW52ZXN0bWVudC5jb22CEWpo
aW52ZXN0bWVudHMuY29tghhqb2huaGFuY29ja2FubnVpdGllcy5jb22CGWpvaG5o
YW5jb2NrZnJlZWRvbTUyOS5jb22CGWpvaG5oYW5jb2NraW52ZXN0bWVudC5jb22C
GmpvaG5oYW5jb2NraW52ZXN0bWVudHMuY29tghZqb2huaGFuY29ja25ld3lvcmsu
Y29tghRtYW51bGlmZS12ZW50dXJlLmNvbYITbWFudWxpZmViZXJtdWRhLmNvbYIU
bWFudWxpZmVob25na29uZy5jb22CD21hbnVsaWZldXNhLmNvbYIQbWFzLmpoYW5j
b2NrLmNvbYIYb3VyZGlmZmVyZW50YXBwcm9hY2guY29tghhwYXJ0bmVybGluay5q
aGFuY29jay5jb22CHnJpYS5qb2huaGFuY29ja2ludmVzdG1lbnRzLmNvbYInc3Rh
Z2UtdGVybWxpZmUuam9obmhhbmNvY2tpbnN1cmFuY2UuY29tghB1c2MuamhhbmNv
Y2suY29tgh53d3cuam9obmhhbmNvY2tpbnZlc3RtZW50cy5jb20wDQYJKoZIhvcN
AQELBQADggEBAHeJI2w+02m8DjXJay8v29oyaD0Evx6aHPxwrvYXwHuj2MPDLcQb
fYRrxtMgFDfqv+ZZzSaGkEjY97egq5ys/raIf9EvhJjS9nPUJxtXU4ibyILEYnrG
8U24smg1NzH0zN+qbH1XhBWKieDpALJXWb3PPaYnqPt0Uk9okGCVpk6iQ1RAcB9e
MTwrie6nhbBhwYUTcaOrNmjOeuy++7svFR/q6WJOwhbhM3msoEivf5QpHMiFJuOe
UwmKzqKJ1F8nXv0rNuW/AD5oo0ia52PQRCGU3HldV7l5qDSmuueuIglcAhtWBMw+
GWTdxce+MmtiVz2s2TH9AN50fLMR14O6d8Y=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Ri7+gxiJKwf3li2JAK3
KBFONxefoLYZe7tPBSWEhcO3k3Z/PC7Im0jAVlJuAr5L9Wu4GUN3OpkpYJ7zPfZ+
uuyhsqDT1HQDURYtdgxkuSIcn6Dlz0mx1T7524VdkhwSlm5EYLkdzRWXO9ac5NRj
hVuVg0SWBsD8DIBD1vXCnvJ+75DBZjREm3ewtUKpxUkZuBdqJP/mG18tH6FAq8QT
H29QM1QqLMCczM6+fw8faGVKz5SFjfzCARthijbxe0/JMPD94CXRPd4VtLM4Iehy
U6ewNoKoWiH69kG9l6ju1BA4oJfasE8aSOLT8MTJNRZWbwBa7z6o6fhToYtTZ8ZT
6wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 19847721772238200625039507583678322143
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-10-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'M4W 1E5'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Toronto'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '200 Bloor Street East'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Global Infrastructure'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Multi-Domain SSL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'johnhancock.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28920768767345042336876288514371325852056959455575912104805462409925476621357331669852646633993130167010093788643801832184742701287152601564213148852471161335792441087999558368411092164751369595152114612868506709074463668909849663834286576843937131806725304647203898786431234202199043045710442305849348055804690453694282223800165901088021745203173079229267740656773238418062996519149598696568027425715515857314148814474551739245994179511069235527202474812991316824885257606064923828282151222788762325142623022921390031459259494608125894839843204911682377157353071147669660212016846905933816152984836053265723605537771
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							fff7ba698cde2f3e81e218e0334f7d699808e5e5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (982 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '11514.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-dev.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-qa.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author-stg.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'author.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'authoring.jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'consultants.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dcio.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ideahub.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'internal.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancocknewyork.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhannuitiesny.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhannuity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhf529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhfreedom529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhfunds.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockfreedom529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancocknewyork.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife-venture.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifehongkong.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifeusa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mas.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ourdifferentapproach.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partnerlink.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ria.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage-termlife.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'usc.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockinvestments.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007789236c3ed369bc0e35c96b2f2fdbda32683d04bf1e9a1cfc70aef617c07ba3d8c3c32dc41b7d846bc6d3201437eabfe659cd26869048d8f7b7a0ab9cacfeb6887fd12f8498d2f673d4271b5753889bc882c4627ac6f14db8b268353731f4ccdfaa6c7d5784158a89e0e900b25759bdcf3da627a8fb74524f68906095a64ea2435440701f5e313c2b89eea785b061c1851371a3ab3668ce7aecbefbbb2f151feae9624ec216e13379aca048af7f94291cc88526e39e53098acea289d45f275efd2b36e5bf003e68a3489ae763d0442194dc795d57b979a834a6bae7ae22095c021b5604cc3e1964ddc5c7be326b62573dacd931fd00de747cb311d783ba77c6