We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

J.P. Morgan Host-to-Host Transmission Security

URGENT ACTION REQUIRED

SSH Cipher Remediation

On August 14, 2021 J.P. Morgan Host-to-Host will update the list of cryptography settings we will support for the SFTP protocol.  Clients using the SFTP protocol should refer to the SSH Cipher Support page for more information.

 

Upcoming Events

Q2 2021

Q3 2021

Host-to-Host Encryption and Digital Signature Upgrade

The application used to support encryption, decryption and digital signatures for files you receive from J.P. Morgan is being updated in September 2021.  Clients may be required to updated, upgrade or replace their current application used for file level security.  Please refer to the PGP Support page for more information.

Host-to-Host SSL Certificate Replacement

The SSL certificate for Host-to-Host will be replaced on September 11, 2021.  Please note that as of 2021, J.P. Morgan will renew its SSL certificates annually instead of biannually.  Please refer to the SSL Support page for more information.

Resiliency Event

In Q3 2021, J.P. Morgan Host-to-Host will be changing data centers. Please refer to the Resiliency Event page for more information.

Q4 2021

Host-to-Host PGP Key Replacement

The PGP key for Host-to-Host will be replaced on October 23, 2021.  Please refer to the PGP Support page for more information.

SSH Outbound Push Key

The Outbound SSH Safety Net will be decommissioned. The SSH Key used to push files via SFTP was replaced on June 27, 2020.  

  • We have established a Safety Net for clients who have not yet replaced their old key. 
  • If you receive files pushed to you from J.P. Morgan Host-to-Host, and have not yet updated this key, please do so immediately.
  • Failure to take action will result in the inability to receive files

Please refer to the SSH Support page for more information

 

2022 Events

Data Center Migration

Starting in Q2 2022, we will begin transitioning to new strategic data centers. All client file transmissions will be impacted.

  • You should begin preparing now by ensuring that your upcoming technology budget and resource plans account for the anticipated changes and related testing efforts.
  • Please refer to the Data Center Migration page for more information.

 

Current security standards for the J.P. Morgan Host-to-Host platform:

  • All keys used with J.P. Morgan Host-to-Host must expire in 2 years or less. All expiring keys must be renewed with unique and newly created keys not previously used with Host-to-Host. There are no exceptions to this policy.
  • Transport Layer Security version 1.2 (TLSv1.2) is the minimum standard for communication session encryption for the following applications and protocols:

   Applicability Statement 2 (AS2)

   Hypertext Transfer Protocol Secure (HTTPS)

   File Transport Protocol Secure (FTPS)

   NDM via IBM® Sterling Connect:Direct® with Secure+®

  • The Administrative Procedures for Certificates include the following standards:
    • All certificates and keys must have a finite validity period of two years or less.
    • No certificate shall be accepted unless it adheres, at minimum, to the following cryptographic specification:
      • Message digest: SHA-256, AES256.
      • Asymmetric algorithm: RSA, DSS (DSS not supported for SSH protocols).
      • Asymmetric algorithm key length: 2048 bits or more.
      • Elliptical curve algorithms are not supported at this time.

Support

Contact the Solution Center Transmissions Support team at 978-805-1200, or by emailing CAS.helpdesk@jpmchase.com, with any questions about the J.P. Morgan Host-to-Host platform. Representatives are available to assist you, 24 hours a day, Monday through Friday. Government, municipal and public sector clients should call 844-718-0643. Please note that the support team cannot advise clients on specific actions needed to make required changes to their systems. Clients should contact their application vendors for assistance.

All trademarks, trade names and service marks appearing herein are the property of their respective owners.