For Companies and Institutions

  • Commercial Banking
    We provide credit, financing, treasury and payment solutions to help your business succeed. We also offer best-in-class commercial real estate services for investors and developers.
  • Global Corporate Banking
    We help clients achieve their long-term strategic goals through financing, liquidity, payments, risk management and investment banking solutions.
  • Investment Banking
    Providing investment banking solutions, including M&A, capital raising and risk management, for a broad range of corporations, institutions and governments.
  • Payments
    Your partner for commerce, receivables, cross-currency, working capital, blockchain, liquidity and more.

Key Links

For Institutional Investors

  • Asset Management

    Putting our long-tenured investment teams on the line to earn the trust of institutional investors.

  • Markets

    Direct access to market leading liquidity harnessed through world-class research, tools, data, and analytics.

  • Securities Services

    Helping institutional investors, traditional and alternative asset and fund managers, broker dealers and equity issuers meet the demands of a rapidly evolving market.

  • Global Research

    Leveraging cutting-edge technology and innovative tools to bring clients industry-leading analysis and investment advice.

  • Prime Services

    Helping hedge funds, asset managers and institutional investors meet the demands of a rapidly evolving market.

  • Global Liquidity Solutions

    Global short-term fixed income strategies designed to help clients manage liquidity through the cycle.

Key Links

For Individuals

  • Wealth Management
    With J.P. Morgan Wealth Management, you can invest on your own or work with an advisor to design a personalized investment strategy. We have opportunities for every investor.
  • Private Bank
    A uniquely elevated private banking experience shaped around you.

Key Links

For Employers

  • Workplace Solutions

    Enhance your equity compensation offering with solutions designed to empower your employees and bring your reward strategy to life.

Key Links

Who We Serve

Key Links

All Insights

Explore a variety of insights.

Key Links

Insights by Topic

Explore a variety of insights organized by different topics.

Key Links

Insights by Type

Explore a variety of insights organized by different types of content and media.  

Key Links

About Us

We aim to be the most respected financial services firm in the world, serving corporations and individuals in more than 100 countries.

Key Links

Updated on February 20, 2026

The Partner Key Management (PKM) process is used by J.P. Morgan as a way to verify that the credentials submitted for activation on the Host-to-Host servers not only meet the requirements for validity period and key strength, but also that they have been submitted by persons duly authorized by the client.

Key strength and expiration requirements

  • All client SSH and PGP keys have a finite validity period of two years or less.
    • J.P. Morgan will set the expiry date on SSH keys when they are installed.
  • All client SSL certificates must have a maximum expiry period of 12 months.
  • Key strength must be 2048 bits minimum.
  • SSH and PGP keys must use RSA algorithm.
  • SSL certificates must use a SHA2 algorithm.
    • SSL certificates must be provided in a .p7b format
    • Enhanced Key Usage certificates must include Server Authentication and Client Authentication.
    • If the certificate is chained, the root and intermediate certificates must also be provided.
  • When naming keys, please use your company name. Do not use "J.P. Morgan" or the word "Expires" as part of the key name.

Please note that J.P. Morgan Host-to-Host will replace our SSH keys and SSL certificates annually, while our PGP key will be replaced every 2 years.

To update your test SSL certificates, SSH keys, and/or PGP keys; please send an email with the key files attached to HostToHost.Helpdesk@jpmorgan.com and include your Partner ID.

For Production, there are three options for submitting renewal keys for inspection and approval.

  • You are able to perform your renewal online via Host-to-Host on J.P. Morgan Access
  • Digital Signature or Token approval is required for this option
  • Self-activate your renewal key when you are ready to use it
  • Enrollment is required. If you do not have the necessary entitlements, please contact your service representative
  1. Login into J.P. Morgan ACCESS

a. You must have the Key Management entitlement for the applicable Host-to-Host Partner ID
b. These entitlements are managed by your company’s J.P. Morgan ACCESS Security Administrator.

  1. Click on Administration and select Key Management
  2. Identify the key to be renewed on the applicable Partner ID and click the Upload button
  1. Select either the Certificate or Token box or both for digital signature.

a. If Certificate is used, the key file must be Ascii Armor signed with your current PGP key

  1. Click the Browse button and select the applicable replacement key file and click Upload

    2. a. Filenames must not contain spaces or special characters

    b. SSH and PGP key filenames must have a .txt extension

    c. SSL certificates must be in p7b format and extension

  2. A second user with Activate entitlements should then Activate when you are ready to begin using the new key.
  3. If you are activating a PGP key, please wait 30 minutes before using the new key after it has been activated.

The use of Rapid Renewal is a secure submission process in which you use your existing credentials to submit new certificates.

  • You must be able to send a digitally signed inbound file to us.
  • You must submit new certificates prior to their existing credentials expiration.

Benefits include:

  • The elimination of documentation requirements such as the signed hardcopy and SADF validation
  • A more effective method that improves SLAs, and lowers rejection rates

Rapid Renewal Process

  1. Digitally sign your new key with your current active PGP key or X.509 certificate. 
  2. Transmit the new key as you would normally send files to J.P. Morgan, using the following naming conventions:

    3. <Partner ID>.TRANSPORT.IN.DAT (for SSH or SSL)
    <Partner ID>.PAYLOAD.IN.DAT (for PGP or x.509)

  3. Once the file is received, the digital signature will be validated, and the key will be inspected to ensure it meets acceptable criteria.
  4. An email will be sent to confirm success or failure of the validation process.

    5. a. The email will be sent to the contacts of record in Host-to-Host.
    b. Please contact your J.P. Morgan Service representative to update these contacts.

  5. If the key meets minimum requirements:
    An SSH key will be installed with a 2-year expiration.  You may begin using it immediately.
    An SSL, x509 or PGP key will be staged for activation. 
  6. SSL, x509 or PGP Only: After you receive the email indicating successful staging, transmit an activation file that is digitally signed with your current active PGP key or x509 certificate.

    7. a. The activation filename must be: <Partner ID>.ACTIVATE.IN.DAT.
    b. The content of the activation file is structured XML, as shown below.
    c. After the activation file has been successfully processed, you will receive an email, and your SSL, x509 or PGP key will be live. 
    d. The previous SSL, x509 or PGP key can no longer be used.

Activation File Contents

<?xml version="1.0"?>
<activateRapidRenewalKeyDetails>

<!—Replace ‘XXXXXX’ with your Partner ID. -->
<partnerID>XXXXXX</partnerID>

<!—Replace XXX with either PGP or SSL. -->
<keyType>PGP</keyType>

<!—Replace XXXX with either TRANSPORT or PAYLOAD. -->
<keyUsage>XXXX</keyUsage>

<!—For PGP the serialNumber is the last eight characters of the fingerprint, also called the short KeyID, of the PGP key to replace the ‘Ox1A2B3C4D’ string below.   Add '0x' at the start of the serial number if it is missing. -->

<!-- For SSL the serialNumber is the complete serial number of the new certificate to replace Ox1A2B3C4D in the string below.-->

<serialNumber>0x1A2B3C4D</serialNumber>

</activateRapidRenewalKeyDetails>

If you do not meet the criteria for Rapid Renewal, the email submission process must be used as described below. The J.P. Morgan Security Services (IMSD) group will action only those requests received from authorized individuals listed as Security Administrators using the Security Administration Designation Form (SADF). Using the SADF, you will identify the individuals with their names, mailing addresses, signatures, phone numbers and email addresses. IMSD cannot disclose security administrator or SADF information, so please contact your J.P. Morgan client service representative for further assistance with this requirement.

Email Submission Process (Requires two Security Administrators)
IMSD has a 5-business day SLA for PKM request review; please account for this when submitting requests.

Requests are actioned Monday through Friday, 8:00 a.m. to 1:00 a.m. Eastern Time.

  1. A Security Administrator should draft an email with your Host-to-Host Partner ID and Keyword "Renewal" in the subject line. In the body of the email, include a description of the action to be taken, the requested date and time the action is to be taken, and an attached zipped text file containing the key/certificate(s).
  2. The Security Administrator should then send the email to IMSD at the email address below and copy an additional Security Administrator(s) listed on the SADF.
  3. The additional Security Administrator must then ‘reply all’ to the email and approve the submission.
  4. Upon receipt of the approval email, IMSD will confirm that both Security Administrator names and email addresses match the current SADF, and that the keys and/or certificates meet minimum requirements for strength and expiration.

a. If the key/certificate is approved, IMSD will forward the approved keys for installation.

i. You will then be informed of receipt of the key file via email and the scheduled date and time for the action to take place will be confirmed or requested.

b. If the key is not approved, IMSD will notify you directly via email to indicate the rejection reason(s) and provide steps to remediate the issue, copying the associated service representatives for awareness.

J.P. Morgan
IMSD Security Operations: Key Management
Fax: 813-649-8367
Email: IMSD.Security.Operations@jpmorgan.com

Support

Contact the Solution Center Transmissions Support team at 877-494-1567, or by emailing HosttoHost.helpdesk@jpmorgan.com, with any questions about the J.P. Morgan Host-to-Host platform. Representatives are available to assist you, 24 hours a day, Monday through Friday. Government, municipal and public sector clients should call 844-718-0643. Please note that the support team cannot advise clients on specific actions needed to make required changes to their systems. Clients should contact their application vendors for assistance.