manulife.com

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 97:ca:a0:78:f0:12:d8:0b:8d:4b:6d:02:66:7b:cf:dc was issued on by Sectigo Limited.

With 54 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 97:ca:a0:78:f0:12:d8:0b:8d:4b:6d:02:66:7b:cf:dc
Serial Number (int): 201765526096161601234558084859255574492
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: e6:ea:07:01:9f:4e:4b:4e:cc:72:a9:72:03:c7:a0:ca:3f:82:5d:0c
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 71:8b:5f:89:b3:bc:37:80:54:1d:fe:41:6c:65:e5:80:9f:8a:df:e7
Fingerprint (sha256): 54:f0:21:be:99:a0:91:0d:27:41:98:e7:f8:cc:18:cf:dd:d6:3e:86:ea:10:38:c7:dc:b3:97:e6:02:53:e5:c3

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate manulife.com

54

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for manulife.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

manulife.com
11321.manulife.com
advisorcafe.ca
agent-stg.johnhancockinsurance.com
api.manulife.com
cafeconseiller.ca
cdd-prod-bes.manulife.com
cdd-uat-bes.manulife.com
cdncetdvcacicaafnapp.manulife.io
cdncetuacacicfrtr.manulife.io
dev.github.api.manulife.com
dpcon.manulifesecurities.ca
dpmobilemsi.manulifesecurities.ca
dpmobilemsii.manulifesecurities.ca
dpmobilemsisi.manulifesecurities.ca
dpmobileppd.manulifesecurities.ca
dprc.manulifesecurities.ca
edi-designer.manulife.ca
edi-hotfix-designer.manulife.ca
edi-preprod-designer.manulife.ca
edi-staging-designer.manulife.ca
edi-uat-designer.manulife.ca
epargnemanuvie.ca
github.api.manulife.com
groupsavings.manulife.com
johnstonfuturestep.manulife.ca
manulifeplan.ca
manulifeprpp.com
mfc.manulife.com
mfcentral.manulife.com
prosceniumatl.com
qat-grsmembers.manulife.com
qat-grsprpp.manulife.com
sales-stg.manulifebermuda.com
stage.identity.johnhancock.com
staging.epargnemanuvie.ca
staging.manulifeplan.ca
test.identity.jhancock.com
test.identity.johnhancock.com
test.jhannuities.com
testc.partnerlink.jhancock.com
uat-grsmembers.manulife.com
uat-grsprpp.manulife.com
victorinsurance.manulifetravelinsurance.ca
wmsrepo1.manulife.com
wmsrepo2.manulife.com
www.advisorcafe.ca
www.cafeconseiller.ca
www.epargnemanuvie.ca
www.manulifeplan.ca
www.manulifeprpp.com
www.prosceniumatl.com
www.staging.epargnemanuvie.ca
www.staging.manulifeplan.ca

Other certificates including the domain name manulife.com

(limited to 100 certificates)
mlisxivg01.manulife.com
manulife.com
nasbfepool02.mfcgd.com
mfcentral.manulife.com
api1.np.ca.manulife.com
idwicrmapd01.mlijkt01.manulife.com
manulife.com
manulife.com
aidp.manulife.com
azalvedlwrkdp10.p01eaedl.manulife.com
manulife.com
client.manulifebank.com
rps.jhancock.com
manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
hermes.manulife.com
manulife.com
clbs37841.manulife.com
internal.mesh.test.api.manulife.com
azcedlwrks003.s01caedl.manulife.com
manulife.com
cdcwvjhpwast21.americas.manulife.net
daily.manulife.com.vn
click.e.manulife.com
sft.institutional.manulife.com
johnhancock.com
manulife.com
sts.manulife.com
manulife.com
azslvedlmgtdd01.d01saedl.manulife.com
idwicrmapt21.mlijkt01.manulife.com
idwcasp.ap.manulife.com
mfcentral.manulife.com
manulife.com
view-e-ds.manulife.com
idwelems01.mlijkt01.manulife.com
druglookup-client.manulife.com
mfcentral.manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
www-aem-prod.manulife.ca
insttrip.manulife.com
manulife.com
dbpartners.manulife.com
idwinetapt01.mlijkt01.manulife.com
asiacitrix.manulife.com
arrowonramp.manulife.com
manulife.com
qitsso-uat.manulife.com
manulife.com
sf.cac.internal.mesh.dev.api.manulife.com
manulife.com
giam-qa.manulife.com
manulife.com
cconprem.manulife.com
manulife.com
manulife.com
manulife.com
idp.grsportal.ca.manulife.com
manulife.com
insanalyticsdev01.manulife.com
awsuat.manulife.com.kh
idwiqmtapp01.mlijkt01.manulife.com
johnhancock.com
manulife.com
manulife.com
myasoaibp2.ap.manulife.com
remotejp2.manulife.com
johnhancock.com
sharepoint-int.ap.manulife.com
mlifs900g01.manulife.com
nasbaccess01.manulife.com
jhappsstaging-tst.aks.manulife.com
manulife.com
manulife.com
crverifyidentity-dev.johnhancock.com
manulife.com
jpnhoapt09.japan.corp.manulife.com
client.manulifebank.com
preprod.mtls.api.manulife.com
manulife.com
idwietsisft05.mlijkt01.manulife.com
remotehk.manulife.com
azcedledges001.s01caedl.manulife.com
idwcas4tap.ap.manulife.com
manulife.com
mlixnbarplzvnaca.manulife.com
manulife.com
manulife.com
druglookup-client.manulife.com
pcf.manulife.com
proxy.auw.my.underwriting.manulife.com
manulife.com
johnhancock.com
manulife.com
financeit.devsit202201.manulife.com
tw-ssg-fw1.manulife.com
advisor.manulife.ca
azwapnwasm01.mfcgd.com
azuedldbo01.p01usedl.manulife.com
edge.prod-ext.api.manulife.com

Certificate

The complete raw certificate details for manulife.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIMYzCCC0ugAwIBAgIRAJfKoHjwEtgLjUttAmZ7z9wwDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE
AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yMzAyMDYwMDAwMDBaFw0yNDAyMDYyMzU5NTlaMFMxCzAJBgNV
BAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMRswGQYDVQQKExJNYW51bGlmZSBGaW5h
bmNpYWwxFTATBgNVBAMTDG1hbnVsaWZlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMEQ74+EeN2Hr0KjIASxhakOOgPjzBnCped11K1vq+iZKG/z
NMik7zRxEvX10LQJ5aoy9VCNcoboUKRbehqp+psOnW9IHlIHKu8YyjSc27Udu80O
0cKvENywY3LPAZxIB0/woC2Xey4dg5C550KTGsiLZxjzygmlDq9N3JjUksacysZl
1iJx7wEVlYk/RRvPa6YwjRajqlhDsAp+noaTzwmBNzQfryA8fC0Hd5s4kabMYnXx
qsobeqY3lKMZcpf/ymjqEHNHhrN5tnwcIR8FmThLhk3Nmun/bUxGryWzHd0JunIb
mlQh0cdQCs+wzJDwY0bFzZjDJZj5FCi4Vf959w0CAwEAAaOCCO0wggjpMB8GA1Ud
IwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1UdDgQWBBTm6gcBn05LTsxy
qXIDx6DKP4JdDDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIB
AwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EM
AQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2Vj
dGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmww
gYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdv
LmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZl
ckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wggF8
BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB2AHb/iD8KtvuVUcJhzPWHujS0pM27Kdxo
Qgqf5mdMWjp0AAABhidqFecAAAQDAEcwRQIgDl5T8GVVtILHgt38OsT7Ff67ZhPZ
cziBjWtlYbLEPwICIQCstBjst2R2+9DzMN4B2INjn+SDOdLeEsQi5xH8UGxdiwB1
ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABhidqFbUAAAQDAEYw
RAIgOtxTEJBxV29/qPKVHMWtB3wS6CfqfxWHatbBwIMrZ3sCICQEk9xfATbbewai
pXv2iGGu02lVYTY4cGGSAWbBvK8lAHUA7s3QZNXbGs7FXLedtM0TojKHRny87N7D
UUhZRnEftZsAAAGGJ2oViQAABAMARjBEAiBrQt0Jf6vMC13+PaD5Kj6zikNeJasN
SDTslZyMptgBngIgIkpj+gL9BKEFQC/o2mHVn7ELuBNEHYBz+f2DDudek7MwggWz
BgNVHREEggWqMIIFpoIMbWFudWxpZmUuY29tghIxMTMyMS5tYW51bGlmZS5jb22C
DmFkdmlzb3JjYWZlLmNhgiJhZ2VudC1zdGcuam9obmhhbmNvY2tpbnN1cmFuY2Uu
Y29tghBhcGkubWFudWxpZmUuY29tghFjYWZlY29uc2VpbGxlci5jYYIZY2RkLXBy
b2QtYmVzLm1hbnVsaWZlLmNvbYIYY2RkLXVhdC1iZXMubWFudWxpZmUuY29tgiBj
ZG5jZXRkdmNhY2ljYWFmbmFwcC5tYW51bGlmZS5pb4IdY2RuY2V0dWFjYWNpY2Zy
dHIubWFudWxpZmUuaW+CG2Rldi5naXRodWIuYXBpLm1hbnVsaWZlLmNvbYIbZHBj
b24ubWFudWxpZmVzZWN1cml0aWVzLmNhgiFkcG1vYmlsZW1zaS5tYW51bGlmZXNl
Y3VyaXRpZXMuY2GCImRwbW9iaWxlbXNpaS5tYW51bGlmZXNlY3VyaXRpZXMuY2GC
I2RwbW9iaWxlbXNpc2kubWFudWxpZmVzZWN1cml0aWVzLmNhgiFkcG1vYmlsZXBw
ZC5tYW51bGlmZXNlY3VyaXRpZXMuY2GCGmRwcmMubWFudWxpZmVzZWN1cml0aWVz
LmNhghhlZGktZGVzaWduZXIubWFudWxpZmUuY2GCH2VkaS1ob3RmaXgtZGVzaWdu
ZXIubWFudWxpZmUuY2GCIGVkaS1wcmVwcm9kLWRlc2lnbmVyLm1hbnVsaWZlLmNh
giBlZGktc3RhZ2luZy1kZXNpZ25lci5tYW51bGlmZS5jYYIcZWRpLXVhdC1kZXNp
Z25lci5tYW51bGlmZS5jYYIRZXBhcmduZW1hbnV2aWUuY2GCF2dpdGh1Yi5hcGku
bWFudWxpZmUuY29tghlncm91cHNhdmluZ3MubWFudWxpZmUuY29tgh5qb2huc3Rv
bmZ1dHVyZXN0ZXAubWFudWxpZmUuY2GCD21hbnVsaWZlcGxhbi5jYYIQbWFudWxp
ZmVwcnBwLmNvbYIQbWZjLm1hbnVsaWZlLmNvbYIWbWZjZW50cmFsLm1hbnVsaWZl
LmNvbYIRcHJvc2Nlbml1bWF0bC5jb22CG3FhdC1ncnNtZW1iZXJzLm1hbnVsaWZl
LmNvbYIYcWF0LWdyc3BycHAubWFudWxpZmUuY29tgh1zYWxlcy1zdGcubWFudWxp
ZmViZXJtdWRhLmNvbYIec3RhZ2UuaWRlbnRpdHkuam9obmhhbmNvY2suY29tghlz
dGFnaW5nLmVwYXJnbmVtYW51dmllLmNhghdzdGFnaW5nLm1hbnVsaWZlcGxhbi5j
YYIadGVzdC5pZGVudGl0eS5qaGFuY29jay5jb22CHXRlc3QuaWRlbnRpdHkuam9o
bmhhbmNvY2suY29tghR0ZXN0LmpoYW5udWl0aWVzLmNvbYIedGVzdGMucGFydG5l
cmxpbmsuamhhbmNvY2suY29tght1YXQtZ3JzbWVtYmVycy5tYW51bGlmZS5jb22C
GHVhdC1ncnNwcnBwLm1hbnVsaWZlLmNvbYIqdmljdG9yaW5zdXJhbmNlLm1hbnVs
aWZldHJhdmVsaW5zdXJhbmNlLmNhghV3bXNyZXBvMS5tYW51bGlmZS5jb22CFXdt
c3JlcG8yLm1hbnVsaWZlLmNvbYISd3d3LmFkdmlzb3JjYWZlLmNhghV3d3cuY2Fm
ZWNvbnNlaWxsZXIuY2GCFXd3dy5lcGFyZ25lbWFudXZpZS5jYYITd3d3Lm1hbnVs
aWZlcGxhbi5jYYIUd3d3Lm1hbnVsaWZlcHJwcC5jb22CFXd3dy5wcm9zY2VuaXVt
YXRsLmNvbYIdd3d3LnN0YWdpbmcuZXBhcmduZW1hbnV2aWUuY2GCG3d3dy5zdGFn
aW5nLm1hbnVsaWZlcGxhbi5jYTANBgkqhkiG9w0BAQsFAAOCAQEAEN8+FwQUzRZX
/yTid3bmEELuHs6DVHMs0yqYN7WD3AmalkyW8thBYaTtBzIMYD52RScDKf8soO+V
PJ4ZjZc935RhVSP+esufnWNMYE/t1j5L5oXpqgHeyXaEGh6ncSA4bbd1EQP4/BzY
kXjYJ09nmV8vgv+CbLABM0Nn8bbw6YhYzWn8JzKEoucr3V7BGjmCMCOA+BNj4yQg
bU44Dxl70WnQfcNLhs0JaTGx3cw2fTMJlB9XKQjMadGibRHUnKqi1dvDaZ2c2pmi
pND5vlXBwqV3vKoC8tVtuEXiRuUuJNFn4Pna8aRnbc720w45uO5b8mQXUHyzvgWT
MVZw2dYlWQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRDvj4R43YevQqMgBLGF
qQ46A+PMGcKl53XUrW+r6Jkob/M0yKTvNHES9fXQtAnlqjL1UI1yhuhQpFt6Gqn6
mw6db0geUgcq7xjKNJzbtR27zQ7Rwq8Q3LBjcs8BnEgHT/CgLZd7Lh2DkLnnQpMa
yItnGPPKCaUOr03cmNSSxpzKxmXWInHvARWViT9FG89rpjCNFqOqWEOwCn6ehpPP
CYE3NB+vIDx8LQd3mziRpsxidfGqyht6pjeUoxlyl//KaOoQc0eGs3m2fBwhHwWZ
OEuGTc2a6f9tTEavJbMd3Qm6chuaVCHRx1AKz7DMkPBjRsXNmMMlmPkUKLhV/3n3
DQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 201765526096161601234558084859255574492
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-02-06 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-06 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'manulife.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24372344204627439567447947188626891883219155038407125421997993942218774396505899553245045985959445221887320653893552972785850875579721605924058827917128759151187839995599758552213296840446851624242298961834098480058316173723057573052751394503117541644736109161863054640059594645488205168420977595002546922988443734262680201414054639838510386019844080928386862272954335147479011212148178467203960744905515532576441313581847622525842406501865390179702880553394592103094754017039364881532519417870408552111420158935112869857176097430489583446648356128039371657364139048764879010726802569322350514298561281693702568933133
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e6ea07019f4e4b4ecc72a97203c7a0ca3f825d0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							016600760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a7400000186276a15e7000004030047304502200e5e53f06555b482c782ddfc3ac4fb15febb6613d97338818d6b6561b2c43f02022100acb418ecb76476fbd0f330de01d883639fe48339d2de12c422e711fc506c5d8b007500dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab00000186276a15b5000004030046304402203adc53109071576f7fa8f2951cc5ad077c12e827ea7f15876ad6c1c0832b677b0220240493dc5f0136db7b06a2a57bf68861aed369556136387061920166c1bcaf25007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000186276a1589000004030046304402206b42dd097fabcc0b5dfe3da0f92a3eb38a435e25ab0d4834ec959c8ca6d8019e0220224a63fa02fd04a105402fe8da61d59fb10bb813441d8073f9fd830ee75e93b3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1450 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '11321.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisorcafe.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agent-stg.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cafeconseiller.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdd-prod-bes.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdd-uat-bes.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetdvcacicaafnapp.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetuacacicfrtr.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.github.api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpcon.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpmobilemsi.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpmobilemsii.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpmobilemsisi.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpmobileppd.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dprc.manulifesecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-hotfix-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-preprod-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-staging-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edi-uat-designer.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'github.api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'groupsavings.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnstonfuturestep.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifeplan.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifeprpp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mfc.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mfcentral.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prosceniumatl.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qat-grsmembers.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qat-grsprpp.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-stg.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.manulifeplan.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'testc.partnerlink.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat-grsmembers.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat-grsprpp.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'victorinsurance.manulifetravelinsurance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wmsrepo1.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wmsrepo2.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.advisorcafe.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cafeconseiller.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifeplan.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manulifeprpp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.prosceniumatl.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.staging.epargnemanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.staging.manulifeplan.ca'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0010df3e170414cd1657ff24e27776e61042ee1ece8354732cd32a9837b583dc099a964c96f2d84161a4ed07320c603e7645270329ff2ca0ef953c9e198d973ddf94615523fe7acb9f9d634c604fedd63e4be685e9aa01dec976841a1ea77120386db7751103f8fc1cd89178d8274f67995f2f82ff826cb001334367f1b6f0e98858cd69fc273284a2e72bdd5ec11a3982302380f81363e324206d4e380f197bd169d07dc34b86cd096931b1ddcc367d3309941f572908cc69d1a26d11d49caaa2d5dbc3699d9cda99a2a4d0f9be55c1c2a577bcaa02f2d56db845e246e52e24d167e0f9daf1a4676dcef6d30e39b8ee5bf26417507cb3be0593315670d9d62559