johnhancock.com

- Manulife Financial Corporation -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number f6:8a:37:1e:54:e3:f0:2a:55:4f:fb:e7:2f:24:dd:4f was issued on by Sectigo Limited.

With 62 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Manulife Financial Corporation

Organization: Manulife Financial Corporation
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): f6:8a:37:1e:54:e3:f0:2a:55:4f:fb:e7:2f:24:dd:4f
Serial Number (int): 327707741865212488351789245620459724111
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 56:b1:cb:7d:e1:f1:48:92:43:e6:eb:01:e7:90:66:94:16:39:1f:6c
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 20:bb:3b:f6:f8:c2:56:00:4a:e8:ad:8f:44:69:6f:91:da:72:2a:41
Fingerprint (sha256): ac:a2:a7:7a:ff:a9:2d:b0:79:83:4a:6a:77:ed:8b:28:41:76:62:c4:4d:96:20:78:7f:fd:cf:51:5b:d8:02:ee

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate johnhancock.com

62

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for johnhancock.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

johnhancock.com
admin.jhrpsportal.com
admin5.jhnavigator.com
agent-stg.johnhancockinsurance.com
annuitiescopilot.nonprod.jhancock.com
annuitiescopilot.prod.jhancock.com
annuitiesvoice.nonprod.jhancock.com
annuitiesvoice.prod.jhancock.com
apps-test.johnhancockinsurance.com
assets.jhnavigator.com
azkv-usseg.prod.jhancock.com
ciamverification.registration.johnhancock.com
crverifyidentity.registration.johnhancock.com
data.igpinfo.com
dev-pdf.jhinvestments.com
dev.illustrationservicesportal.com
dev.jhadvancedmarkets.com
dev.jhillust.com
dev.jhinforcedownload.com
fwat.jhmylearningcenter.com
igpinfo.com
jhauditpackage.com
jhcashoutcalculator.com
jhdiscover.com
jhemarketing-info.com
jhi-apim.dev.manulife.com
jhi-apim.test.manulife.com
jhillust.com
jhmylearningcenter.com
jhnavigator.com
jhrps.com
jhrpsportal.com
jhvitality.com
patternlab.jhrps.com
provider.registration.johnhancock.com
qa.tmp.mysales.johnhancock.com
sales-stg.manulifebermuda.com
stage.identity.johnhancock.com
stage.jhadvancedmarkets.com
stage.jhillust.com
stage.jhinforcedownload.com
stg.tmp.mysales.johnhancock.com
test.identity.jhancock.com
test.identity.johnhancock.com
test.jhadvancedmarkets.com
test.jhannuities.com
test.jhillust.com
test.jhinforcedownload.com
test.johnhancockvitality.com
testc.partnerlink.jhancock.com
uat.data.igpinfo.com
www.data.igpinfo.com
www.igpinfo.com
www.jhauditpackage.com
www.jhcashoutcalculator.com
www.jhdiscover.com
www.jhemarketing-info.com
www.jhillust.com
www.jhmylearningcenter.com
www.jhnavigator.com
www.jhrps.com
www.jhrpsportal.com

Other certificates including the domain name johnhancock.com

(limited to 100 certificates)
johnhancockinsurance.com
stage.identity.jhancock.com
manulife.com
rps.jhancock.com
manulife.com
uat.igpclaimreporting.jhancock.com
qa.johnhancock.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
johnhancock.com
www.jhinvestments.com
stg.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
qr.retirement.johnhancock.com
dev-tmp.jhinvestments.com
johnhancock.com
www.jhinvestments.com
manulife.com
johnhancock.com
advisorfeedbackhub.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
crverifyidentity-dev.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
instant-apply.johnhancockinsurance.com
manulife.com
manulife.com
rps.jhancock.com
instant-apply.johnhancockinsurance.com
qr.myplan.johnhancock.com
manulife.com
digital-uat.customer.johnhancock.com
myplanuat.johnhancock.com
manulife.com
www.jhinvestments.com
digital-uat.customer.johnhancock.com
personalizedretirementadvice.johnhancock.com
rps.jhancock.com
www.jhinvestments.com
johnhancock.com
secure.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
www.jhinvestments.com
manulife.com
ww4.johnhancock.com
johnhancock.com
johnhancock.com
manulife.com
preferences.johnhancock.com
qr.myplan.johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
manulife.com
jhshsm.johnhancock.com
qr.myplan.johnhancock.com
johnhancock.com
ww4.johnhancock.com
quote-uat.johnhancock.com
stg.johnhancock.com
johnhancock.com
digital.customer.johnhancock.com
johnhancock.com
johnhancockinsurance.com
johnhancock.com
retirementinfo.johnhancock.com
jhaconnect.jhannuities.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
protect.johnhancock.com
jhshsm.johnhancock.com
rps.jhancock.com
qr.retirement.johnhancock.com
manulife.com
johnhancock.com
newonboardingaugust2023.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
finapp.johnhancock.com
johnhancock.com
manulife.com
manulife.com
preferencesstg.johnhancock.com

Certificate

The complete raw certificate details for johnhancock.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIINGzCCDAOgAwIBAgIRAPaKNx5U4/AqVU/75y8k3U8wDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE
AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yNDA0MTIwMDAwMDBaFw0yNTA0MTIyMzU5NTlaMGIxCzAJBgNV
BAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMScwJQYDVQQKEx5NYW51bGlmZSBGaW5h
bmNpYWwgQ29ycG9yYXRpb24xGDAWBgNVBAMTD2pvaG5oYW5jb2NrLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxDQ0MVB6blQMS6Um8cAuYRZ2Ot
kCKDcH2+VkY1efosgfzg1rY3/2rLIs/8mQPO4E2Ladn30ntlnyx4g716Evmyn7Vy
c4eMaCiolPX7uR/97uKPCl47m5LSB3baxWFse1m/kNWjaubdgsQE62Ocx5ypEmpd
iw/7scVlMB4vzWEZ9aTikHQD5czMUDY7X1AQ3/L8NnKdbkOENP9vukVi87bziJ7S
2ubTHjUK8x5FAuejdaYS7rbDSca4XoJmeuHnnMN5q0lYdE7ku4XXuff+pxwmvVgm
FWRUmV2mACEWiiDKm6w5J3Nzl/OtgdUI5EVa69KPNyta+XSPanJRMt3aJgECAwEA
AaOCCZYwggmSMB8GA1UdIwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1Ud
DgQWBBRWsct94fFIkkPm6wHnkGaUFjkfbDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMw
QTA1BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdv
LmNvbS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwu
c2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1
cmVTZXJ2ZXJDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0
cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRh
dGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
c2VjdGlnby5jb20wggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3AM8RVu7VLnyv
84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABjtLPebMAAAQDAEgwRgIhAPBQzSCR
GsUB6V8Mv9xP9lmuBzyrB+XxtK1kc6L7RSfWAiEA5qlcev4F55dHE0NyXN1nYb3U
wGOPRZysZDvsOUxDsAgAdwCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH
5wAAAY7Sz3lJAAAEAwBIMEYCIQDJ9uYYlvy5DnGiqjn+YwJGQ+stb3JSlPlh/p/l
k1SvJwIhAJEp3L+C4rfmWjtGLQgffnoyd5TxHwrxLa1zmpSRv0mZAHUATnWjJ1ya
EMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGO0s95SQAABAMARjBEAiBVpwZy
nvL81UfDp7ew8qLD5aYGMe0qnd1cb7+jswsXFQIgRBDUfPFFPu6uql8vjDyXni6g
thPeu9Nttx+J4hne6+MwggZZBgNVHREEggZQMIIGTIIPam9obmhhbmNvY2suY29t
ghVhZG1pbi5qaHJwc3BvcnRhbC5jb22CFmFkbWluNS5qaG5hdmlnYXRvci5jb22C
ImFnZW50LXN0Zy5qb2huaGFuY29ja2luc3VyYW5jZS5jb22CJWFubnVpdGllc2Nv
cGlsb3Qubm9ucHJvZC5qaGFuY29jay5jb22CImFubnVpdGllc2NvcGlsb3QucHJv
ZC5qaGFuY29jay5jb22CI2FubnVpdGllc3ZvaWNlLm5vbnByb2QuamhhbmNvY2su
Y29tgiBhbm51aXRpZXN2b2ljZS5wcm9kLmpoYW5jb2NrLmNvbYIiYXBwcy10ZXN0
LmpvaG5oYW5jb2NraW5zdXJhbmNlLmNvbYIWYXNzZXRzLmpobmF2aWdhdG9yLmNv
bYIcYXprdi11c3NlZy5wcm9kLmpoYW5jb2NrLmNvbYItY2lhbXZlcmlmaWNhdGlv
bi5yZWdpc3RyYXRpb24uam9obmhhbmNvY2suY29tgi1jcnZlcmlmeWlkZW50aXR5
LnJlZ2lzdHJhdGlvbi5qb2huaGFuY29jay5jb22CEGRhdGEuaWdwaW5mby5jb22C
GWRldi1wZGYuamhpbnZlc3RtZW50cy5jb22CImRldi5pbGx1c3RyYXRpb25zZXJ2
aWNlc3BvcnRhbC5jb22CGWRldi5qaGFkdmFuY2VkbWFya2V0cy5jb22CEGRldi5q
aGlsbHVzdC5jb22CGWRldi5qaGluZm9yY2Vkb3dubG9hZC5jb22CG2Z3YXQuamht
eWxlYXJuaW5nY2VudGVyLmNvbYILaWdwaW5mby5jb22CEmpoYXVkaXRwYWNrYWdl
LmNvbYIXamhjYXNob3V0Y2FsY3VsYXRvci5jb22CDmpoZGlzY292ZXIuY29tghVq
aGVtYXJrZXRpbmctaW5mby5jb22CGWpoaS1hcGltLmRldi5tYW51bGlmZS5jb22C
GmpoaS1hcGltLnRlc3QubWFudWxpZmUuY29tggxqaGlsbHVzdC5jb22CFmpobXls
ZWFybmluZ2NlbnRlci5jb22CD2pobmF2aWdhdG9yLmNvbYIJamhycHMuY29tgg9q
aHJwc3BvcnRhbC5jb22CDmpodml0YWxpdHkuY29tghRwYXR0ZXJubGFiLmpocnBz
LmNvbYIlcHJvdmlkZXIucmVnaXN0cmF0aW9uLmpvaG5oYW5jb2NrLmNvbYIecWEu
dG1wLm15c2FsZXMuam9obmhhbmNvY2suY29tgh1zYWxlcy1zdGcubWFudWxpZmVi
ZXJtdWRhLmNvbYIec3RhZ2UuaWRlbnRpdHkuam9obmhhbmNvY2suY29tghtzdGFn
ZS5qaGFkdmFuY2VkbWFya2V0cy5jb22CEnN0YWdlLmpoaWxsdXN0LmNvbYIbc3Rh
Z2UuamhpbmZvcmNlZG93bmxvYWQuY29tgh9zdGcudG1wLm15c2FsZXMuam9obmhh
bmNvY2suY29tghp0ZXN0LmlkZW50aXR5LmpoYW5jb2NrLmNvbYIddGVzdC5pZGVu
dGl0eS5qb2huaGFuY29jay5jb22CGnRlc3QuamhhZHZhbmNlZG1hcmtldHMuY29t
ghR0ZXN0LmpoYW5udWl0aWVzLmNvbYIRdGVzdC5qaGlsbHVzdC5jb22CGnRlc3Qu
amhpbmZvcmNlZG93bmxvYWQuY29tghx0ZXN0LmpvaG5oYW5jb2Nrdml0YWxpdHku
Y29tgh50ZXN0Yy5wYXJ0bmVybGluay5qaGFuY29jay5jb22CFHVhdC5kYXRhLmln
cGluZm8uY29tghR3d3cuZGF0YS5pZ3BpbmZvLmNvbYIPd3d3LmlncGluZm8uY29t
ghZ3d3cuamhhdWRpdHBhY2thZ2UuY29tght3d3cuamhjYXNob3V0Y2FsY3VsYXRv
ci5jb22CEnd3dy5qaGRpc2NvdmVyLmNvbYIZd3d3LmpoZW1hcmtldGluZy1pbmZv
LmNvbYIQd3d3LmpoaWxsdXN0LmNvbYIad3d3LmpobXlsZWFybmluZ2NlbnRlci5j
b22CE3d3dy5qaG5hdmlnYXRvci5jb22CDXd3dy5qaHJwcy5jb22CE3d3dy5qaHJw
c3BvcnRhbC5jb20wDQYJKoZIhvcNAQELBQADggEBADSI7uvFDR2j9VR6ZZsk7WUu
p4sJS3wN/7AhwKufgQFfgoNw626HCVbfqHLX5p+b0zZtmr81tXom1v+fdLNQJo3N
osXC0O+oBxcoBvl45MDKviQ+ZfkkGI8ZOuFdh4D0SQmqx/81Wxpxb3qG4iijsGKi
Y/eA1z4EGIZKjMCoAy8SjrxqXDPtY1kOvsn9EgOy5LfD6EZnJKee8vmH6FB/0AfJ
mtgzn2/4uHoU6EB8KsTJ8QWU37dwxdLLhuqu7h/AEYDS6wye04E5uAo9kkLd7wFC
zrnJvfDGtovSwLr5EFtY686QTqNSdtzfHSCVlJ5IhIJum9H8b2YfhtFh97o5dCM=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvENDQxUHpuVAxLpSbxwC
5hFnY62QIoNwfb5WRjV5+iyB/ODWtjf/assiz/yZA87gTYtp2ffSe2WfLHiDvXoS
+bKftXJzh4xoKKiU9fu5H/3u4o8KXjubktIHdtrFYWx7Wb+Q1aNq5t2CxATrY5zH
nKkSal2LD/uxxWUwHi/NYRn1pOKQdAPlzMxQNjtfUBDf8vw2cp1uQ4Q0/2+6RWLz
tvOIntLa5tMeNQrzHkUC56N1phLutsNJxrhegmZ64eecw3mrSVh0TuS7hde59/6n
HCa9WCYVZFSZXaYAIRaKIMqbrDknc3OX862B1QjkRVrr0o83K1r5dI9qclEy3dom
AQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 327707741865212488351789245620459724111
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-12 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-12 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'johnhancock.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23765969828074749660839739434143793246779699323505269328306858632730001875057096216295592159387180105873049129889769866290659976060889001332700889651079770236487094962190573781264385146405917997219305876023082132505462185265594316919692319703748892210361944885966659321904064640598486942234346785097654354436550126519468231829894316933376951322519803973215564247133080717131046839376034955614988474568826065033965847577809737777722019736727499344659699155400647165871844489826840700633846151557942554863780338796985959399373942818073669121229027887046522518996940472410659885505718642336418535774079007735669208000001
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							56b1cb7de1f1489243e6eb01e790669416391f6c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018ed2cf79b30000040300483046022100f050cd20911ac501e95f0cbfdc4ff659ae073cab07e5f1b4ad6473a2fb4527d6022100e6a95c7afe05e797471343725cdd6761bdd4c0638f459cac643bec394c43b008007700a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018ed2cf79490000040300483046022100c9f6e61896fcb90e71a2aa39fe63024643eb2d6f725294f961fe9fe59354af270221009129dcbf82e2b7e65a3b462d081f7e7a327794f11f0af12dad739a9491bf49990075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018ed2cf79490000040300463044022055a706729ef2fcd547c3a7b7b0f2a2c3e5a60631ed2a9ddd5c6fbfa3b30b171502204410d47cf1453eeeaeaa5f2f8c3c979e2ea0b613debbd36db71f89e219deebe3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1616 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin.jhrpsportal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin5.jhnavigator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agent-stg.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'annuitiescopilot.nonprod.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'annuitiescopilot.prod.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'annuitiesvoice.nonprod.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'annuitiesvoice.prod.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apps-test.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.jhnavigator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'azkv-usseg.prod.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ciamverification.registration.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'crverifyidentity.registration.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'data.igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev-pdf.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.illustrationservicesportal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.jhadvancedmarkets.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.jhinforcedownload.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fwat.jhmylearningcenter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhauditpackage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhcashoutcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhdiscover.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhemarketing-info.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhi-apim.dev.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhi-apim.test.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhmylearningcenter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhnavigator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhrps.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhrpsportal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhvitality.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'patternlab.jhrps.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provider.registration.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.tmp.mysales.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-stg.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.jhadvancedmarkets.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.jhinforcedownload.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.tmp.mysales.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhadvancedmarkets.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhinforcedownload.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.johnhancockvitality.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'testc.partnerlink.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.data.igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.data.igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhauditpackage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhcashoutcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhdiscover.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhemarketing-info.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhmylearningcenter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhnavigator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhrps.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhrpsportal.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003488eeebc50d1da3f5547a659b24ed652ea78b094b7c0dffb021c0ab9f81015f828370eb6e870956dfa872d7e69f9bd3366d9abf35b57a26d6ff9f74b350268dcda2c5c2d0efa807172806f978e4c0cabe243e65f924188f193ae15d8780f44909aac7ff355b1a716f7a86e228a3b062a263f780d73e0418864a8cc0a8032f128ebc6a5c33ed63590ebec9fd1203b2e4b7c3e8466724a79ef2f987e8507fd007c99ad8339f6ff8b87a14e8407c2ac4c9f10594dfb770c5d2cb86eaaeee1fc01180d2eb0c9ed38139b80a3d9242ddef0142ceb9c9bdf0c6b68bd2c0baf9105b58ebce904ea35276dcdf1d2095949e4884826e9bd1fc6f661f86d161f7ba397423