Updated on April 30, 2024

CAT Testing for the New Data Center

As part of your migration to our new Data Centers it is important to confirm that your systems are compatible with the new cryptography settings and can successfully connect to our new servers. You can validate your connection by performing a self test using the instructions below.

Your current test security credentials have been installed in the new environment, but there may be some scenarios where you will need to provide new test keys or certificates. Unless you are configured to use strict host checking the primary J.P. Morgan Host to Host keys and certificates will remain the same. If you are configured to use strict host checking, then you will also need to download and use the appropriate certificate for your assigned URL.

Depending on your firewall configuration, changes may be required. The new IPs for connections you initiate are listed below. It is recommended that you open the J.P. Morgan owned IP range of 198.36.0.0/22. If you receive files automatically pushed to you, those IP ranges will also be changing. Please allow the following IP range to continue receiving files pushed to you: 146.143.0.0/16.

Full end to end testing is not required as only the front end servers are changing. The list of steps needed to ensure compatibility with the new Data Centers can be found here: Data Center Migration Checklist.

All Production file transmissions must utilize the new Data Center by August 31, 2024 or risk disruption in service.

CAT Environment

We have two environments: CAT (Client Acceptance Testing) and Production. Each environment has multiple URLs that can be used for connectivity. Usually, the URL that you use in CAT will be similar to the URL you use in production.

Regularly scheduled maintenance windows for CAT occur Tuesday 5 p.m. – 12 a.m. ET and Thursday 5 p.m. – 12 a.m. ET. If you experience connectivity issue during these times, please retry after the window has expired.

Note: Production data should never be transmitted to the CAT environment and test data should never be sent to the production environment. In order to ensure this does not happen, we require that you give us one certificate or key for CAT, and a different certificate or key for production.

CAT environment changes are implemented prior to Production without notice.

CAT Self-Service Testing

For Self-Service testing, please follow the steps below:

  1. Connect to the J.P. Morgan Host-to-Host test server to verify connectivity.
  2. Send a digitally signed "junk text file to verify the process flow using the file naming convention below (case sensitive),
    • If the digital signature is successfully validated, an automated process will trigger an outbound file using what you originally sent.
    • If the digital signature cannot be validated, the file will not be processed.

Test URL: transmissions-uat.jpmorgan.com

Inbound Test (no process) File

Directory: /Inbound/Encrypted

File name: <H2H_PartnerID>.TEST.IN.<anything>

<H2H_PartnerID> = H2H User ID.  This would be the same ID used for Production. <anything> = any alpha numeric character including dashes, dots or underscore, but no spaces and no use of "&"

If the above file is validated, we will stage the same file for you to download (see below).

Outbound test Ack File

Directory: /Outbound/Encrypted

File name: <H2H_PartnerID>.TEST.OUT.<seq#>.<date/time>

Test URL: transmissions-uat.jpmorgan.com or the HTTPS URL assigned to you.

Inbound Test (no process) File

File name: <H2H_PARTNERID>.TEST.IN.<anything>

<H2H_PartnerID> = H2H User ID. This would be the same ID used for Production. <anything> = any alpha numeric character including dashes, dots or underscore, but no spaces and no use of "&"

File name should be presented the same location where you present it for your existing production files (e.g., Content-Type, Content-Disposition).

If the above file is validated, we will send the same file to you as the delivery URL we have for you in CAT. You may also receive the positive MDN back from us for your transmission, which can also confirm the positive delivery of the file to us.

Test URL: transmissions-uat.jpmorgan.com or the HTTPS URL assigned to you

Inbound Test (no process) File Full Deliver URL: https://transmissions-uat.jpmorgan.com/invoke/FMSPartnerInterface.inbound/httpGateway

TEST File parameters:

&jpmcDataType=TEST

&jpmcDataFormat=IN

&jpmcProtocol=HTTPS

&jpmcSecurity=PGP/Bypass (based on your security configuration)

If the above file is validated, we will stage the same file for you to download, which can be downloaded using the below parameters: URL: https://transmissions-uat.jpmorgan.com/invoke/FMSPartnerInterface.inbound/downloadJPMCData

&jpmcDataType=TEST

&jpmcDataFormat=OUT

&jpmcProtocol=HTTPS

&jpmcSecurity=PGP/Bypass (based on your security configuration)

CAT URLs

All SFTP and FTPS connections will utilize the Primary URL. AS2 and HTTPs connections could potentially use one of our other URLs. If you are unsure which URL you should be using, please contact your migration specialist.

It is recommended that you open the J.P. Morgan owned IP range of 198.36.0.0/22.

URL IP Address 1 IP Address 2 Port
SFTP/FTPS/AS2/HTTPS      
transmissions-uat.jpmorgan.com (Primary) 198.36.3.130 198.36.2.130 21,22,443 
FTPS: port 21 with 9000-9300 for passive
AS2/HTTPS      
transmissions-uat1.jpmorgan.com 198.36.3.131 198.36.2.131
443
transmissions-uat2.jpmorgan.com 198.36.3.132 198.36.2.132 443
transmissions-uat3.jpmorgan.com 198.36.3.133 198.36.2.133 443
transmissions-uat4.jpmorgan.com 198.36.3.134 198.36.2.134 443
transmissions-uat5.jpmorgan.com 198.36.3.135
198.36.2.135 443
transmissions-uat6.jpmorgan.com 198.36.3.136 198.36.2.136 443
transmissions-uat7.jpmorgan.com 198.36.3.137 198.36.2.137 443
transmissions-uat8.jpmorgan.com 198.36.3.138 198.36.2.138 443

Supported SSH Cryptography Settings

Only the following settings are supported for internet-based connections to CAT via applications that use Secure File Transfer Protocol (sFTP):

  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com
  • AES128-CTR (Support ending 2Q2025)
  • AES192-CTR (Support ending 2Q2025)
  • AES256-CTR (Support ending 2Q2025)

  • hmac-sha2-512
  • hmac-sha2-256

  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • curve25519-sha256
  • curve25519-sha256@libssh.org

  • ecdsa-sha2-nistp256-cert-v01@openssh.com
  • ecdsa-sha2-nistp384-cert-v01@openssh.com
  • ecdsa-sha2-nistp521-cert-v01@openssh.com
  • ssh-ed25519-cert-v01@openssh.com
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-ed25519
  • ssh-rsa

Supported SSL Ciphers

CAT environment changes are implemented prior to Production without notice.

Only the following ciphers are supported for internet-based connections to CAT via applications that use:

  • File Transport Protocol Secure (FTPS)
  • Applicability Statement 2 (AS2)
  • Hypertext Transfer Protocol Secure (HTTPS)

View Supported SSL Ciphers

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

CAT Keys / Certificates

Here are the J.P. Morgan test keys and certificates. Note that we will also need your keys or certificates in order to successfully authenticate a connection. If you experience authentication failures, please contact our support team for assistance.

If you require encrypting files you transmit or if you require receiving signed files, please download the J.P. Morgan public test PGP key and rename as needed.

  • jpmch2hrsa4cat07172025.txt

If you connect via SFTP to transmissions-uat.jpmorgan.com on port 22, please download the J.P. Morgan public test key and rename as needed.

If J.P. Morgan pushes files to you via SFTP, please download the J.P. Morgan public host test key and rename as needed.

If you connect via FTPS to transmissions-uat.jpmorgan.com on port 21, please download the J.P. Morgan public test key and rename as needed.

If you connect via AS2 or HTTPS to transmissions-uat.jpmorgan.com, please download the J.P. Morgan public test certificate and rename as needed.

If you are configured to use Strict Host Checking, you will also need to download the certificate for the specific URL you are using, in addition to the primary certificate.

Please use the applicable certificate for connections to node ECGQAA by NDM via IBM® Sterling Connect:Direct® with Secure+®: