J.P. Morgan Host-to-Host File Transmission

J.P. Morgan Host-to-Host has changed Certificate Authorities from Entrust to DigiCert.  All new new certificates will now be issued by DigiCert.  This will include new DigiCert Root and Intermediate certificates.

Our PGP key will be replaced in 3Q2025. The new key will be available for download from our H2H PGP Support page.

• All keys used with file transmission must expire in 2 years or less. All expiring keys must be renewed with unique and newly created keys and not previously used. There are no exceptions to this policy.

Our SSH key and SSL certificate used for SFTP and FTPS protocols will be replaced on December 6, 2025. The new keys will be available for download from our H2H SSH Support and H2H SSL support pages in late November.

• Transport Layer Security version 1.2 (TLSv1.2) is the minimum standard for communication session encryption for the following applications and protocols:
  • Applicability Statement 2 (AS2)
  • Hypertext Transfer Protocol Secure (HTTPS)
  • File Transport Protocol Secure (FTPS) – No longer supported for new setups
  • NDM via IBM® Sterling Connect:Direct® with Secure+®
• The Administrative Procedures for Certificates include the following standards:
  • All certificates and keys must have a finite validity period of two years or less.
    • Beginning in 2Q2025, all certificates and keys used for transport authentication must have a finite validity period of 1 year or less.
  • No certificate shall be accepted unless it adheres, at minimum, to the following cryptographic specification:
    • Message digest: SHA-256, AES256
    • Asymmetric algorithm: RSA, DSS (DSS is not supported for SSH protocols).
    • Asymmetric algorithm key length: 2048 bits or more.
    • Elliptical curve algorithms are not supported at this time.
  • Elliptical curve algorithms are not supported at this time.