johnhancock.com

- Manulife Financial Corporation -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 58:52:ee:10:87:13:6e:98:2a:69:93:a3:10:cc:a3:38 was issued on by Sectigo Limited.

With 89 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Manulife Financial Corporation

Organization: Manulife Financial Corporation
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): 58:52:ee:10:87:13:6e:98:2a:69:93:a3:10:cc:a3:38
Serial Number (int): 117402660494412690190593436193884250936
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: db:d5:9b:57:cb:fc:ce:ea:6e:ff:ae:0c:6d:b8:9a:fe:ff:ea:94:93
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 76:68:30:10:41:52:d3:6b:df:d6:5c:71:63:3c:1e:51:48:70:4c:d2
Fingerprint (sha256): 53:d0:81:23:f1:dd:4f:94:f0:2c:3e:aa:de:a4:09:20:6d:c6:90:9c:72:22:96:d3:7d:46:b5:13:c1:0b:7c:39

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate johnhancock.com

89

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for johnhancock.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

johnhancock.com
10058.johnhancock.com
625church.com
75hawthorne.com
advisor.jhinvestment.com
advisor.jhinvestments.com
advisor.johnhancockinvestments.com
bob.jhfnjunction.com
bob.stage.jhfnjunction.com
consultants.jhinvestments.com
consultants.johnhancockinvestments.com
dcio.jhinvestments.com
dcio.johnhancockinvestments.com
dev.jhretirementcalculator.com
dev.johnhancock.com
diablotechnologypark.com
identity.bcomplete.com
internal.johnhancockinvestments.com
jh-dreamui-brokerage-stage.jhase.uat.manulife.com
jhancockannuities.com
jhancockinvestment.com
jhancockinvestments.com
jhancocknewyork.com
jhannuities.com
jhannuitiesny.com
jhannuity.com
jhapps.jhfnjunction.com
jhappsstaging.jhfnjunction.com
jhf529.com
jhinvestment.com
jhinvestments.com
jhredefininglife.com
jhretirementcalculator.com
johnhancockannuities.com
johnhancockfreedom529.com
johnhancockinvestment.com
johnhancockinvestments.com
johnhancocknewyork.com
johnhancockrealestate.com
johnhancocktravel.com
manulife-venture.com
manulifebermuda.com
manuliferealestate.com
manulifeusa.com
mi.jhinvestments.com
news.johnhancock.com
ourdifferentapproach.com
parkplacechandler.com
qa.manulifebermuda.com
ria.jhinvestments.com
ria.johnhancockinvestments.com
sales-tst-tmp.johnhancockinsurance.com
slabtownmarketplace.com
stage.identity.bcomplete.com
stage.jhretirementcalculator.com
stg-cps.jhinvestments.com
stg-tmp.jhinvestments.com
stg.jhinvestments.com
tanasbournecommercecenter.com
test.jhretirementcalculator.com
uat.johnhancocktravel.com
www.625church.com
www.75hawthorne.com
www.diablotechnologypark.com
www.jhancockannuities.com
www.jhancockinvestment.com
www.jhancockinvestments.com
www.jhannuities.com
www.jhannuitiesny.com
www.jhannuity.com
www.jhf529.com
www.jhinvestment.com
www.jhinvestments.com
www.jhredefininglife.com
www.jhretirementcalculator.com
www.johnhancockannuities.com
www.johnhancockfreedom529.com
www.johnhancockinvestment.com
www.johnhancockinvestments.com
www.johnhancockrealestate.com
www.johnhancocktravel.com
www.manulife-venture.com
www.manulifebermuda.com
www.manuliferealestate.com
www.manulifeusa.com
www.ourdifferentapproach.com
www.parkplacechandler.com
www.slabtownmarketplace.com
www.tanasbournecommercecenter.com

Other certificates including the domain name johnhancock.com

(limited to 100 certificates)
johnhancockinsurance.com
stage.identity.jhancock.com
manulife.com
rps.jhancock.com
manulife.com
uat.igpclaimreporting.jhancock.com
qa.johnhancock.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
johnhancock.com
www.jhinvestments.com
stg.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
qr.retirement.johnhancock.com
dev-tmp.jhinvestments.com
johnhancock.com
www.jhinvestments.com
manulife.com
johnhancock.com
advisorfeedbackhub.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
crverifyidentity-dev.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
instant-apply.johnhancockinsurance.com
manulife.com
manulife.com
rps.jhancock.com
instant-apply.johnhancockinsurance.com
qr.myplan.johnhancock.com
manulife.com
digital-uat.customer.johnhancock.com
myplanuat.johnhancock.com
manulife.com
www.jhinvestments.com
digital-uat.customer.johnhancock.com
personalizedretirementadvice.johnhancock.com
rps.jhancock.com
www.jhinvestments.com
johnhancock.com
secure.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
www.jhinvestments.com
manulife.com
ww4.johnhancock.com
johnhancock.com
johnhancock.com
manulife.com
preferences.johnhancock.com
qr.myplan.johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
manulife.com
jhshsm.johnhancock.com
qr.myplan.johnhancock.com
johnhancock.com
ww4.johnhancock.com
quote-uat.johnhancock.com
stg.johnhancock.com
johnhancock.com
digital.customer.johnhancock.com
johnhancock.com
johnhancockinsurance.com
johnhancock.com
retirementinfo.johnhancock.com
jhaconnect.jhannuities.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
protect.johnhancock.com
jhshsm.johnhancock.com
rps.jhancock.com
qr.retirement.johnhancock.com
manulife.com
johnhancock.com
newonboardingaugust2023.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
finapp.johnhancock.com
johnhancock.com
manulife.com
manulife.com
preferencesstg.johnhancock.com

Certificate

The complete raw certificate details for johnhancock.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIPzTCCDrWgAwIBAgIQWFLuEIcTbpgqaZOjEMyjODANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTIzMTIxNTAwMDAwMFoXDTI0MTIxNDIzNTk1OVowYjELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xJzAlBgNVBAoTHk1hbnVsaWZlIEZpbmFu
Y2lhbCBDb3Jwb3JhdGlvbjEYMBYGA1UEAxMPam9obmhhbmNvY2suY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmQ6aYLnF3HhmFrqhI6hA6yN3NX+
wP30lRzRzujjDloGfzT7kGxdgQ9Uc3xZhgGKgcx0chwNg/vxnidbYKXDJGLjvbB4
7KNivTr1now8R/iVqOtxvZAVzDfnzoMwj3MditVwnQ3EnvmqmpMrPbaHod2XnwDV
A/lsjDrrBPf2N90DhLjQR6MCPQ3asBoEmOH4CE5LC6ElOS1KYNsZZoFGqGmqSapb
6at10H7MpNUbwhu+UsNlErsnAXDXqk6pnVU+xHs5LritipWBKFgFofB+sFoJBjSB
B1yIa9G20HT/mI76wLZJw3+8Q5kZCdDYV8mBXYD1HduwgbXwJuN/gzYdlwIDAQAB
o4IMSTCCDEUwHwYDVR0jBBgwFoAUF9nWJSdn+THCSUPZMDZEjGypT+swHQYDVR0O
BBYEFNvVm1fL/M7qbv+uDG24mv7/6pSTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB
MDUGDCsGAQQBsjEBAgEDBDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28u
Y29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5z
ZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3Vy
ZVNlcnZlckNBLmNybDCBigYIKwYBBQUHAQEEfjB8MFUGCCsGAQUFBzAChklodHRw
Oi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxpZGF0
aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5z
ZWN0aWdvLmNvbTCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHcAdv+IPwq2+5VR
wmHM9Ye6NLSkzbsp3GhCCp/mZ0xaOnQAAAGMbudqjAAABAMASDBGAiEAgDvEdoL2
7EQvIlGIycfGzeyZMqLabyMACrKFXsS3e7YCIQCv3t/9klACkDtOEDlh2jxZ7VTG
iA8NjoXh9cO48cTa1QB2AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRu
AAABjG7narUAAAQDAEcwRQIgAYMJDVyyJmS9ouxGxgB4J5BwdPvFnT7U0MURB8oN
GrACIQC9NpO6bIrFngPnXNrb7c4FvEsLcjUup5FKpfkk6wvzoQB1AO7N0GTV2xrO
xVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABjG7nasIAAAQDAEYwRAIgYmGIaDlr
hshublro4ih2TsBufZzR22NrpwvX1LC22r4CIEp/SqQRtnrY0AM0ilET9vBc7Z2Q
GF+sy4NNKxsq06gOMIIJDQYDVR0RBIIJBDCCCQCCD2pvaG5oYW5jb2NrLmNvbYIV
MTAwNTguam9obmhhbmNvY2suY29tgg02MjVjaHVyY2guY29tgg83NWhhd3Rob3Ju
ZS5jb22CGGFkdmlzb3IuamhpbnZlc3RtZW50LmNvbYIZYWR2aXNvci5qaGludmVz
dG1lbnRzLmNvbYIiYWR2aXNvci5qb2huaGFuY29ja2ludmVzdG1lbnRzLmNvbYIU
Ym9iLmpoZm5qdW5jdGlvbi5jb22CGmJvYi5zdGFnZS5qaGZuanVuY3Rpb24uY29t
gh1jb25zdWx0YW50cy5qaGludmVzdG1lbnRzLmNvbYImY29uc3VsdGFudHMuam9o
bmhhbmNvY2tpbnZlc3RtZW50cy5jb22CFmRjaW8uamhpbnZlc3RtZW50cy5jb22C
H2RjaW8uam9obmhhbmNvY2tpbnZlc3RtZW50cy5jb22CHmRldi5qaHJldGlyZW1l
bnRjYWxjdWxhdG9yLmNvbYITZGV2LmpvaG5oYW5jb2NrLmNvbYIYZGlhYmxvdGVj
aG5vbG9neXBhcmsuY29tghZpZGVudGl0eS5iY29tcGxldGUuY29tgiNpbnRlcm5h
bC5qb2huaGFuY29ja2ludmVzdG1lbnRzLmNvbYIxamgtZHJlYW11aS1icm9rZXJh
Z2Utc3RhZ2Uuamhhc2UudWF0Lm1hbnVsaWZlLmNvbYIVamhhbmNvY2thbm51aXRp
ZXMuY29tghZqaGFuY29ja2ludmVzdG1lbnQuY29tghdqaGFuY29ja2ludmVzdG1l
bnRzLmNvbYITamhhbmNvY2tuZXd5b3JrLmNvbYIPamhhbm51aXRpZXMuY29tghFq
aGFubnVpdGllc255LmNvbYINamhhbm51aXR5LmNvbYIXamhhcHBzLmpoZm5qdW5j
dGlvbi5jb22CHmpoYXBwc3N0YWdpbmcuamhmbmp1bmN0aW9uLmNvbYIKamhmNTI5
LmNvbYIQamhpbnZlc3RtZW50LmNvbYIRamhpbnZlc3RtZW50cy5jb22CFGpocmVk
ZWZpbmluZ2xpZmUuY29tghpqaHJldGlyZW1lbnRjYWxjdWxhdG9yLmNvbYIYam9o
bmhhbmNvY2thbm51aXRpZXMuY29tghlqb2huaGFuY29ja2ZyZWVkb201MjkuY29t
ghlqb2huaGFuY29ja2ludmVzdG1lbnQuY29tghpqb2huaGFuY29ja2ludmVzdG1l
bnRzLmNvbYIWam9obmhhbmNvY2tuZXd5b3JrLmNvbYIZam9obmhhbmNvY2tyZWFs
ZXN0YXRlLmNvbYIVam9obmhhbmNvY2t0cmF2ZWwuY29tghRtYW51bGlmZS12ZW50
dXJlLmNvbYITbWFudWxpZmViZXJtdWRhLmNvbYIWbWFudWxpZmVyZWFsZXN0YXRl
LmNvbYIPbWFudWxpZmV1c2EuY29tghRtaS5qaGludmVzdG1lbnRzLmNvbYIUbmV3
cy5qb2huaGFuY29jay5jb22CGG91cmRpZmZlcmVudGFwcHJvYWNoLmNvbYIVcGFy
a3BsYWNlY2hhbmRsZXIuY29tghZxYS5tYW51bGlmZWJlcm11ZGEuY29tghVyaWEu
amhpbnZlc3RtZW50cy5jb22CHnJpYS5qb2huaGFuY29ja2ludmVzdG1lbnRzLmNv
bYImc2FsZXMtdHN0LXRtcC5qb2huaGFuY29ja2luc3VyYW5jZS5jb22CF3NsYWJ0
b3dubWFya2V0cGxhY2UuY29tghxzdGFnZS5pZGVudGl0eS5iY29tcGxldGUuY29t
giBzdGFnZS5qaHJldGlyZW1lbnRjYWxjdWxhdG9yLmNvbYIZc3RnLWNwcy5qaGlu
dmVzdG1lbnRzLmNvbYIZc3RnLXRtcC5qaGludmVzdG1lbnRzLmNvbYIVc3RnLmpo
aW52ZXN0bWVudHMuY29tgh10YW5hc2JvdXJuZWNvbW1lcmNlY2VudGVyLmNvbYIf
dGVzdC5qaHJldGlyZW1lbnRjYWxjdWxhdG9yLmNvbYIZdWF0LmpvaG5oYW5jb2Nr
dHJhdmVsLmNvbYIRd3d3LjYyNWNodXJjaC5jb22CE3d3dy43NWhhd3Rob3JuZS5j
b22CHHd3dy5kaWFibG90ZWNobm9sb2d5cGFyay5jb22CGXd3dy5qaGFuY29ja2Fu
bnVpdGllcy5jb22CGnd3dy5qaGFuY29ja2ludmVzdG1lbnQuY29tght3d3cuamhh
bmNvY2tpbnZlc3RtZW50cy5jb22CE3d3dy5qaGFubnVpdGllcy5jb22CFXd3dy5q
aGFubnVpdGllc255LmNvbYIRd3d3LmpoYW5udWl0eS5jb22CDnd3dy5qaGY1Mjku
Y29tghR3d3cuamhpbnZlc3RtZW50LmNvbYIVd3d3LmpoaW52ZXN0bWVudHMuY29t
ghh3d3cuamhyZWRlZmluaW5nbGlmZS5jb22CHnd3dy5qaHJldGlyZW1lbnRjYWxj
dWxhdG9yLmNvbYIcd3d3LmpvaG5oYW5jb2NrYW5udWl0aWVzLmNvbYIdd3d3Lmpv
aG5oYW5jb2NrZnJlZWRvbTUyOS5jb22CHXd3dy5qb2huaGFuY29ja2ludmVzdG1l
bnQuY29tgh53d3cuam9obmhhbmNvY2tpbnZlc3RtZW50cy5jb22CHXd3dy5qb2hu
aGFuY29ja3JlYWxlc3RhdGUuY29tghl3d3cuam9obmhhbmNvY2t0cmF2ZWwuY29t
ghh3d3cubWFudWxpZmUtdmVudHVyZS5jb22CF3d3dy5tYW51bGlmZWJlcm11ZGEu
Y29tghp3d3cubWFudWxpZmVyZWFsZXN0YXRlLmNvbYITd3d3Lm1hbnVsaWZldXNh
LmNvbYIcd3d3Lm91cmRpZmZlcmVudGFwcHJvYWNoLmNvbYIZd3d3LnBhcmtwbGFj
ZWNoYW5kbGVyLmNvbYIbd3d3LnNsYWJ0b3dubWFya2V0cGxhY2UuY29tgiF3d3cu
dGFuYXNib3VybmVjb21tZXJjZWNlbnRlci5jb20wDQYJKoZIhvcNAQELBQADggEB
ABiNcLw7b3ultIBe2N/k03BM+4iuRWOiY3e5YtdqBS9GS9b/iTPh5AZYMAhUCMaS
cygExUoeWNOe8pbi+6DKMfZLiQi9U6xMgAOV8RwQwe6PRo2SkXrjg/ykSj4MBeC7
rEtuGm0FydgzjLkfx2/sd41t7rqqfdWl06XId9Sef/bLuVzXPKUDPS+Nn+5GQ7kZ
h2fZTHW2njVZZG89pt0rOsTZ56wDecQ1SQkppfeXdG7QHhIpHpkXJgcLk77+vH4q
KPgIxNVoOC3eyAdHIg8vTyS81+KJ9D9lH115SMJpFa4Xa597aOyUGG9BKg9T5v6W
V4n89fQcR+/YsDB8byPXdvc=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmQ6aYLnF3HhmFrqhI6h
A6yN3NX+wP30lRzRzujjDloGfzT7kGxdgQ9Uc3xZhgGKgcx0chwNg/vxnidbYKXD
JGLjvbB47KNivTr1now8R/iVqOtxvZAVzDfnzoMwj3MditVwnQ3EnvmqmpMrPbaH
od2XnwDVA/lsjDrrBPf2N90DhLjQR6MCPQ3asBoEmOH4CE5LC6ElOS1KYNsZZoFG
qGmqSapb6at10H7MpNUbwhu+UsNlErsnAXDXqk6pnVU+xHs5LritipWBKFgFofB+
sFoJBjSBB1yIa9G20HT/mI76wLZJw3+8Q5kZCdDYV8mBXYD1HduwgbXwJuN/gzYd
lwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 117402660494412690190593436193884250936
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-15 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-12-14 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'johnhancock.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21004982978284179220057750444365932184810809275398189880233131918205031426149688537927647415974823276528666907766193269931323318160225884868046936972855673616163003314140130649249566074694682342648164180108638304915873185367804675314684915500556437263536845482310442627208683374251817835766580877686528349360832557920353156105299023790746485568364405029933589850446181069738868847546384391841106451840885929652833916238874537334647975184659295323702406982491608974349412420637031601584601459068024945858040882278728452009076842986442077657778865185458685967602290338964145939988677863264394765264037859307969182047639
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							dbd59b57cbfcceea6effae0c6db89afeffea9493
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							016800770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018c6ee76a8c0000040300483046022100803bc47682f6ec442f225188c9c7c6cdec9932a2da6f23000ab2855ec4b77bb6022100afdedffd925002903b4e103961da3c59ed54c6880f0d8e85e1f5c3b8f1c4dad50076003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018c6ee76ab5000004030047304502200183090d5cb22664bda2ec46c6007827907074fbc59d3ed4d0c51107ca0d1ab0022100bd3693ba6c8ac59e03e75cdadbedce05bc4b0b72352ea7914aa5f924eb0bf3a1007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018c6ee76ac20000040300463044022062618868396b86c86e6e5ae8e228764ec06e7d9cd1db636ba70bd7d4b0b6dabe02204a7f4aa411b67ad8d003348a5113f6f05ced9d90185faccb834d2b1b2ad3a80e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2308 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '10058.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '625church.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '75hawthorne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor.jhinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisor.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bob.jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bob.stage.jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'consultants.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'consultants.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dcio.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dcio.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'diablotechnologypark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'identity.bcomplete.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'internal.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jh-dreamui-brokerage-stage.jhase.uat.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancocknewyork.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhannuitiesny.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhannuity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapps.jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhappsstaging.jhfnjunction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhf529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhredefininglife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockfreedom529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancocknewyork.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancockrealestate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancocktravel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife-venture.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manuliferealestate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifeusa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mi.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'news.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ourdifferentapproach.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'parkplacechandler.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ria.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ria.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-tst-tmp.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'slabtownmarketplace.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.identity.bcomplete.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg-cps.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg-tmp.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tanasbournecommercecenter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.johnhancocktravel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.625church.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.75hawthorne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.diablotechnologypark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhannuitiesny.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhannuity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhf529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhredefininglife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhretirementcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockfreedom529.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockinvestment.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancockrealestate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.johnhancocktravel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulife-venture.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manuliferealestate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifeusa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ourdifferentapproach.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.parkplacechandler.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.slabtownmarketplace.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tanasbournecommercecenter.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00188d70bc3b6f7ba5b4805ed8dfe4d3704cfb88ae4563a26377b962d76a052f464bd6ff8933e1e4065830085408c692732804c54a1e58d39ef296e2fba0ca31f64b8908bd53ac4c800395f11c10c1ee8f468d92917ae383fca44a3e0c05e0bbac4b6e1a6d05c9d8338cb91fc76fec778d6deebaaa7dd5a5d3a5c877d49e7ff6cbb95cd73ca5033d2f8d9fee4643b9198767d94c75b69e3559646f3da6dd2b3ac4d9e7ac0379c435490929a5f797746ed01e12291e991726070b93befebc7e2a28f808c4d568382ddec80747220f2f4f24bcd7e289f43f651f5d7948c26915ae176b9f7b68ec94186f412a0f53e6fe965789fcf5f41c47efd8b0307c6f23d776f7