johnhancock.com

- Manulife Financial Corporation -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 69:21:40:68:50:d3:f1:3b:47:92:c3:a7:5b:db:2d:a1 was issued on by Sectigo Limited.

With 64 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Manulife Financial Corporation

Organization: Manulife Financial Corporation
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): 69:21:40:68:50:d3:f1:3b:47:92:c3:a7:5b:db:2d:a1
Serial Number (int): 139741591692706374474523453895019802017
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 94:69:de:71:a4:1d:ac:88:6a:76:9f:21:1b:5a:e6:da:57:80:53:b5
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): bc:83:89:73:84:da:96:62:b3:fc:b1:6d:7d:70:d6:07:d2:e0:38:24
Fingerprint (sha256): fe:d4:74:9f:b6:c4:1c:60:41:8b:6e:f9:7b:07:80:e0:b0:f6:b3:6a:80:b7:25:26:8e:23:49:b8:ae:2c:4d:1c

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate johnhancock.com

64

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for johnhancock.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

johnhancock.com
45stclair.com
admin.jhrpsportal.com
admin5.jhnavigator.com
agent-stg.johnhancockinsurance.com
apps-test.johnhancockinsurance.com
assets.jhnavigator.com
assets.jhrps.com
ciamverification.registration.johnhancock.com
crverifyidentity.registration.johnhancock.com
data.igpinfo.com
dev-pdf.jhinvestments.com
dev.illustrationservicesportal.com
dev.jhadvancedmarkets.com
dev.jhillust.com
dev.jhinforcedownload.com
fwat.jhmylearningcenter.com
igpinfo.com
jh401kideas.com
jhancockretirementplanservices.com
jhapim.portal.manulife.com
jhcashoutcalculator.com
jhdiscover.com
jhemarketing-info.com
jhillust.com
jhmylearningcenter.com
jhnavigator.com
jhretirementadvisor.com
jhrps.com
jhrpsportal.com
jhvitality.com
patternlab.jhrps.com
provider.registration.johnhancock.com
qa.tmp.mysales.johnhancock.com
sales-stg.manulifebermuda.com
stage.identity.johnhancock.com
stage.jhadvancedmarkets.com
stage.jhillust.com
stage.jhinforcedownload.com
stg.tmp.mysales.johnhancock.com
test.identity.jhancock.com
test.identity.johnhancock.com
test.jhadvancedmarkets.com
test.jhannuities.com
test.jhillust.com
test.jhinforcedownload.com
test.johnhancockvitality.com
testc.partnerlink.jhancock.com
uat.data.igpinfo.com
www.45stclair.com
www.data.igpinfo.com
www.igpinfo.com
www.jh401kideas.com
www.jhancockretirementplanservices.com
www.jhauditpackage.com
www.jhcashoutcalculator.com
www.jhdiscover.com
www.jhemarketing-info.com
www.jhillust.com
www.jhmylearningcenter.com
www.jhnavigator.com
www.jhretirementadvisor.com
www.jhrps.com
www.jhrpsportal.com

Other certificates including the domain name johnhancock.com

(limited to 100 certificates)
johnhancockinsurance.com
stage.identity.jhancock.com
manulife.com
rps.jhancock.com
manulife.com
uat.igpclaimreporting.jhancock.com
qa.johnhancock.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
johnhancock.com
www.jhinvestments.com
stg.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
qr.retirement.johnhancock.com
dev-tmp.jhinvestments.com
johnhancock.com
www.jhinvestments.com
manulife.com
johnhancock.com
advisorfeedbackhub.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
crverifyidentity-dev.johnhancock.com
myplanuat.johnhancock.com
www.jhinvestments.com
johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
instant-apply.johnhancockinsurance.com
manulife.com
manulife.com
rps.jhancock.com
instant-apply.johnhancockinsurance.com
qr.myplan.johnhancock.com
manulife.com
digital-uat.customer.johnhancock.com
myplanuat.johnhancock.com
manulife.com
www.jhinvestments.com
digital-uat.customer.johnhancock.com
personalizedretirementadvice.johnhancock.com
rps.jhancock.com
www.jhinvestments.com
johnhancock.com
secure.johnhancock.com
manulife.com
johnhancock.com
johnhancock.com
www.jhinvestments.com
manulife.com
ww4.johnhancock.com
johnhancock.com
johnhancock.com
manulife.com
preferences.johnhancock.com
qr.myplan.johnhancock.com
img.retirement.johnhancock.com
johnhancock.com
manulife.com
jhshsm.johnhancock.com
qr.myplan.johnhancock.com
johnhancock.com
ww4.johnhancock.com
quote-uat.johnhancock.com
stg.johnhancock.com
johnhancock.com
digital.customer.johnhancock.com
johnhancock.com
johnhancockinsurance.com
johnhancock.com
retirementinfo.johnhancock.com
jhaconnect.jhannuities.com
johnhancock.com
johnhancock.com
onboarding.retirement.johnhancock.com
protect.johnhancock.com
jhshsm.johnhancock.com
rps.jhancock.com
qr.retirement.johnhancock.com
manulife.com
johnhancock.com
newonboardingaugust2023.retirement.johnhancock.com
johnhancock.com
rps.jhancock.com
manulife.com
johnhancock.com
manulife.com
johnhancock.com
finapp.johnhancock.com
johnhancock.com
manulife.com
manulife.com
preferencesstg.johnhancock.com

Certificate

The complete raw certificate details for johnhancock.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIINFzCCC/+gAwIBAgIQaSFAaFDT8TtHksOnW9stoTANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTI0MDIwOTAwMDAwMFoXDTI1MDIwODIzNTk1OVowYjELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xJzAlBgNVBAoTHk1hbnVsaWZlIEZpbmFu
Y2lhbCBDb3Jwb3JhdGlvbjEYMBYGA1UEAxMPam9obmhhbmNvY2suY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNUT1Qa1qLK6bSbOW6PtUTDtPCf+
UtMz/A76a8rBguCeGGeGYRF5wNRABWrvTh6eZoorumAheH73biiGKlaaQM2G//xB
02IQSa4byTVylb1BPDvooi5VpUgVaXJBNThKYszIc42WdZGV6Pbh54YEOexptwnZ
tXcb5grVfjhc/20zVWOkpcHwcKKP06AxebpEoJdojBTwv2f4mP8SjboSY1op0lRr
s5vBioiiwzEgvSbNHiq5b+YdT7MOFP5T3LCwc7ORr6v0+RqYw7qeWGVPcaV4dAdi
f50xNJ2tKLcEjJe+PZJwLgyB/geKGVh6NwwvRIf97pWbpQ5qckdP+i7QvQIDAQAB
o4IJkzCCCY8wHwYDVR0jBBgwFoAUF9nWJSdn+THCSUPZMDZEjGypT+swHQYDVR0O
BBYEFJRp3nGkHayIanafIRta5tpXgFO1MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB
MDUGDCsGAQQBsjEBAgEDBDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28u
Y29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5z
ZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3Vy
ZVNlcnZlckNBLmNybDCBigYIKwYBBQUHAQEEfjB8MFUGCCsGAQUFBzAChklodHRw
Oi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxpZGF0
aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5z
ZWN0aWdvLmNvbTCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcAzxFW7tUufK/z
h1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGNi0giqAAABAMASDBGAiEAvepEDVZc
W2xwjcKWbOUCkt2QgpDlEq/mf/7YXJvfyg4CIQD+GBCcbjeyGCUyW/UvVFe6nmRR
rQiZyR/i2Zmh3KSg1QB2AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfn
AAABjYtIItEAAAQDAEcwRQIgHmSGclq8EPaQlRIjA/xtK4Bmij2NgmkUo9nLIt0i
Nd0CIQCU/po9ltjRDEAFkdWTyOZUppRf1n4U2CdRts5XviI7YAB2AE51oydcmhDD
OFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjYtIItwAAAQDAEcwRQIgYlaHymaz
Twh4iuWnndcpSKMlY9M0o7xmmMWvOpOl+u0CIQD5R5miU/IH3Z+enwpN7EDQhQl4
zkGgcssx2Z9/SYA1pzCCBlYGA1UdEQSCBk0wggZJgg9qb2huaGFuY29jay5jb22C
DTQ1c3RjbGFpci5jb22CFWFkbWluLmpocnBzcG9ydGFsLmNvbYIWYWRtaW41Lmpo
bmF2aWdhdG9yLmNvbYIiYWdlbnQtc3RnLmpvaG5oYW5jb2NraW5zdXJhbmNlLmNv
bYIiYXBwcy10ZXN0LmpvaG5oYW5jb2NraW5zdXJhbmNlLmNvbYIWYXNzZXRzLmpo
bmF2aWdhdG9yLmNvbYIQYXNzZXRzLmpocnBzLmNvbYItY2lhbXZlcmlmaWNhdGlv
bi5yZWdpc3RyYXRpb24uam9obmhhbmNvY2suY29tgi1jcnZlcmlmeWlkZW50aXR5
LnJlZ2lzdHJhdGlvbi5qb2huaGFuY29jay5jb22CEGRhdGEuaWdwaW5mby5jb22C
GWRldi1wZGYuamhpbnZlc3RtZW50cy5jb22CImRldi5pbGx1c3RyYXRpb25zZXJ2
aWNlc3BvcnRhbC5jb22CGWRldi5qaGFkdmFuY2VkbWFya2V0cy5jb22CEGRldi5q
aGlsbHVzdC5jb22CGWRldi5qaGluZm9yY2Vkb3dubG9hZC5jb22CG2Z3YXQuamht
eWxlYXJuaW5nY2VudGVyLmNvbYILaWdwaW5mby5jb22CD2poNDAxa2lkZWFzLmNv
bYIiamhhbmNvY2tyZXRpcmVtZW50cGxhbnNlcnZpY2VzLmNvbYIaamhhcGltLnBv
cnRhbC5tYW51bGlmZS5jb22CF2poY2FzaG91dGNhbGN1bGF0b3IuY29tgg5qaGRp
c2NvdmVyLmNvbYIVamhlbWFya2V0aW5nLWluZm8uY29tggxqaGlsbHVzdC5jb22C
FmpobXlsZWFybmluZ2NlbnRlci5jb22CD2pobmF2aWdhdG9yLmNvbYIXamhyZXRp
cmVtZW50YWR2aXNvci5jb22CCWpocnBzLmNvbYIPamhycHNwb3J0YWwuY29tgg5q
aHZpdGFsaXR5LmNvbYIUcGF0dGVybmxhYi5qaHJwcy5jb22CJXByb3ZpZGVyLnJl
Z2lzdHJhdGlvbi5qb2huaGFuY29jay5jb22CHnFhLnRtcC5teXNhbGVzLmpvaG5o
YW5jb2NrLmNvbYIdc2FsZXMtc3RnLm1hbnVsaWZlYmVybXVkYS5jb22CHnN0YWdl
LmlkZW50aXR5LmpvaG5oYW5jb2NrLmNvbYIbc3RhZ2UuamhhZHZhbmNlZG1hcmtl
dHMuY29tghJzdGFnZS5qaGlsbHVzdC5jb22CG3N0YWdlLmpoaW5mb3JjZWRvd25s
b2FkLmNvbYIfc3RnLnRtcC5teXNhbGVzLmpvaG5oYW5jb2NrLmNvbYIadGVzdC5p
ZGVudGl0eS5qaGFuY29jay5jb22CHXRlc3QuaWRlbnRpdHkuam9obmhhbmNvY2su
Y29tghp0ZXN0LmpoYWR2YW5jZWRtYXJrZXRzLmNvbYIUdGVzdC5qaGFubnVpdGll
cy5jb22CEXRlc3QuamhpbGx1c3QuY29tghp0ZXN0LmpoaW5mb3JjZWRvd25sb2Fk
LmNvbYIcdGVzdC5qb2huaGFuY29ja3ZpdGFsaXR5LmNvbYIedGVzdGMucGFydG5l
cmxpbmsuamhhbmNvY2suY29tghR1YXQuZGF0YS5pZ3BpbmZvLmNvbYIRd3d3LjQ1
c3RjbGFpci5jb22CFHd3dy5kYXRhLmlncGluZm8uY29tgg93d3cuaWdwaW5mby5j
b22CE3d3dy5qaDQwMWtpZGVhcy5jb22CJnd3dy5qaGFuY29ja3JldGlyZW1lbnRw
bGFuc2VydmljZXMuY29tghZ3d3cuamhhdWRpdHBhY2thZ2UuY29tght3d3cuamhj
YXNob3V0Y2FsY3VsYXRvci5jb22CEnd3dy5qaGRpc2NvdmVyLmNvbYIZd3d3Lmpo
ZW1hcmtldGluZy1pbmZvLmNvbYIQd3d3LmpoaWxsdXN0LmNvbYIad3d3LmpobXls
ZWFybmluZ2NlbnRlci5jb22CE3d3dy5qaG5hdmlnYXRvci5jb22CG3d3dy5qaHJl
dGlyZW1lbnRhZHZpc29yLmNvbYINd3d3LmpocnBzLmNvbYITd3d3LmpocnBzcG9y
dGFsLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAkJhcXnWleBAtsHbJH+ywMyijHUGX
3KXx18Kw3VRxVPqGd501YcSvq+2yH7brsEbJ1YhAv8uUwlHrHd8edxhaGFKcARD4
mEr2BGCIUCLkl8h0XdJXWjXupbXIKLA+q9kG9wu92Cb0SI8dlybAgF5Qk737hbn+
YPGPLoV7q5KRzvb+kW+NEcVFK7wuTHKNyhs9ztR7TjrR+flM8X9NvwOs0yU4cyEq
4hN/JJDKwHXHMpZLFccF0U0vh2+RIsJ5xDS9e5qg8iCxyM0tAkJmqa+GTeLAPmvz
JY5CSlChQ4iysJr80ruPOKJRkopbWXPN7hfar4E5B2sFvxvoSGQC59/LDA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNUT1Qa1qLK6bSbOW6Pt
UTDtPCf+UtMz/A76a8rBguCeGGeGYRF5wNRABWrvTh6eZoorumAheH73biiGKlaa
QM2G//xB02IQSa4byTVylb1BPDvooi5VpUgVaXJBNThKYszIc42WdZGV6Pbh54YE
OexptwnZtXcb5grVfjhc/20zVWOkpcHwcKKP06AxebpEoJdojBTwv2f4mP8SjboS
Y1op0lRrs5vBioiiwzEgvSbNHiq5b+YdT7MOFP5T3LCwc7ORr6v0+RqYw7qeWGVP
caV4dAdif50xNJ2tKLcEjJe+PZJwLgyB/geKGVh6NwwvRIf97pWbpQ5qckdP+i7Q
vQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 139741591692706374474523453895019802017
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-08 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'johnhancock.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20303201210769980962649562446606208772065667248187201423921955703710568249183438812750132612117994264535771802638930540265434679631646601575851867054653429644569400952465434927509837591425457121969468436008292719331938972667898004881102051464980452625676253192689941717357240804026724374132301249088754697040107646544563551221800565514271430306756742470810419650524800410408245938424178177940648743859286555482496559632581803487971418149648848428415095557595763962473934704551971121746367909455033738416505992896403238839682135363241026584441728892536457603849238897032348767545519118147192342507320918730668971577533
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9469de71a41dac886a769f211b5ae6da578053b5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018d8b4822a80000040300483046022100bdea440d565c5b6c708dc2966ce50292dd908290e512afe67ffed85c9bdfca0e022100fe18109c6e37b21825325bf52f5457ba9e6451ad0899c91fe2d999a1dca4a0d5007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018d8b4822d1000004030047304502201e6486725abc10f69095122303fc6d2b80668a3d8d826914a3d9cb22dd2235dd02210094fe9a3d96d8d10c400591d593c8e654a6945fd67e14d82751b6ce57be223b600076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d8b4822dc00000403004730450220625687ca66b34f08788ae5a79dd72948a32563d334a3bc6698c5af3a93a5faed022100f94799a253f207dd9f9e9f0a4dec40d0850978ce41a072cb31d99f7f498035a7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1613 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '45stclair.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin.jhrpsportal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin5.jhnavigator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agent-stg.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apps-test.johnhancockinsurance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.jhnavigator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.jhrps.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ciamverification.registration.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'crverifyidentity.registration.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'data.igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev-pdf.jhinvestments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.illustrationservicesportal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.jhadvancedmarkets.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.jhinforcedownload.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fwat.jhmylearningcenter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jh401kideas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhancockretirementplanservices.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhapim.portal.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhcashoutcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhdiscover.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhemarketing-info.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhmylearningcenter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhnavigator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhretirementadvisor.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhrps.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhrpsportal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jhvitality.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'patternlab.jhrps.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provider.registration.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.tmp.mysales.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sales-stg.manulifebermuda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.jhadvancedmarkets.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.jhinforcedownload.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.tmp.mysales.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.identity.johnhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhadvancedmarkets.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhannuities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jhinforcedownload.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.johnhancockvitality.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'testc.partnerlink.jhancock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.data.igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.45stclair.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.data.igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.igpinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jh401kideas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhancockretirementplanservices.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhauditpackage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhcashoutcalculator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhdiscover.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhemarketing-info.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhillust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhmylearningcenter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhnavigator.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhretirementadvisor.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhrps.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jhrpsportal.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0090985c5e75a578102db076c91fecb03328a31d4197dca5f1d7c2b0dd547154fa86779d3561c4afabedb21fb6ebb046c9d58840bfcb94c251eb1ddf1e77185a18529c0110f8984af60460885022e497c8745dd2575a35eea5b5c828b03eabd906f70bbdd826f4488f1d9726c0805e5093bdfb85b9fe60f18f2e857bab9291cef6fe916f8d11c5452bbc2e4c728dca1b3dced47b4e3ad1f9f94cf17f4dbf03acd3253873212ae2137f2490cac075c732964b15c705d14d2f876f9122c279c434bd7b9aa0f220b1c8cd2d024266a9af864de2c03e6bf3258e424a50a14388b2b09afcd2bb8f38a251928a5b5973cdee17daaf8139076b05bf1be8486402e7dfcb0c