Updated February 20, 2024

SSL Certificate Updates

The SSL Certificates for the FTPS protocol will be replaced after 9 p.m. ET on March 2, 2024. The new certificate is now available to download below. Please do not activate the new certificates in production until after 9 p.m. ET on March 2.

The SSL Certificates for AS2, HTTPs, and NDM protocols will be replaced after 9 p.m. ET on May 18, 2024. The new certificates will be available to download after May 7. Please do not activate the new certificates in production until after 9 p.m. ET on May 18.

FTPS Protocols:

If you connect via FTPS to transmissions.jpmorgan.com, please download the J.P. Morgan certificate and rename as needed.

The serial number for the current certificate that expires February 16, 2025 is: ‎33 21 7f f8 2f a4 b8 5f 4a 8c d5 a0 60 e3 26 01

AS2 and HTTPs Protocols:

  • If you have AS2 server-based file transmissions and both factors below apply to your setup, then you must download and use the appropriate certificate(s) for transport encryption of the communications session:
    • You are configured to use "strict host checking",  and
    • Your system is connecting to one of the URLs listed below
  • Irrespective of the host connection address in use, all AS2 clients, including AS2 clients who only receive files from J.P. Morgan, must download and use the transmissions.jpmorgan.com server certificate for payload signature validation.
  • If you have HTTPS server-based file transmissions and both factors below apply to your setup, then you must download and use the appropriate certificate(s):
    • You are using SSL client-side authentication (two-way SSL authentication), and
    • Your system is connecting to one of the URLs listed below
  • If you exchange files with Host-to-Host node ECGPRODP by NDM via IBM® Sterling Connect:Direct® with Secure+®, then you must download and use the appropriate certificate.

Be sure to use the applicable certificate for connections to node ECGPRODP by NDM via IBM® Sterling Connect:Direct® with Secure+®. The current certificates are available for download below.

For AS2 and HTTPS protocols, use:

IMPORTANT: If you must download and install the Entrust CA Root and Intermediate certificates separately, you will find them provided below. The certificate links above are chained with the same Entrust CA Root and Intermediates.

The following ciphers are supported for internet-based connections via applications that use:

 FTPS (No longer supported for new setups)

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CCM (support beginning Q2 2023)
  • TLS_DHE_RSA_WITH_AES_256_CCM (support beginning Q2 2023)
  • TLS_DHE_RSA_WITH_AES_128_CCM_8 (support beginning Q2 2023)
  • TLS_DHE_RSA_WITH_AES_256_CCM_8 (support beginning Q2 2023)
  • TLS_RSA_WITH_AES_256_CBC_SHA256 (support ending Q2 2023)
  • TLS_RSA_WITH_AES_128_CBC_SHA256 (support ending Q2 2023)
  • TLS_RSA_WITH_AES_256_GCM_SHA384 (support ending Q2 2023)
  • TLS_RSA_WITH_AES_128_GCM_SHA256 (support ending Q2 2023)

AS2 and HTTPS

  • TLS_RSA_WITH_AES_128_CBC_SHA256 (support ending Q2 2023)
  • TLS_RSA_WITH_AES_256_CBC_SHA256 (support ending Q2 2023)
  • TLS_RSA_WITH_AES_256_GCM_SHA384 (support ending Q2 2023)
  • TLS_RSA_WITH_AES_128_GCM_SHA256 (support ending Q2 2023)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (support ending Q2 2023)
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (support ending Q2 2023)
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (support ending Q2 2023)
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (support ending Q2 2023)
  • TLS_DHE_RSA_WITH_AES_128_CCM (support ending Q2 2023)
  • TLS_DHE_RSA_WITH_AES_256_CCM (support ending Q2 2023)
  • TLS_DHE_RSA_WITH_AES_128_CCM_8 (support ending Q2 2023)
  • TLS_DHE_RSA_WITH_AES_256_CCM_8 (support ending Q2 2023)

If your application does not support the available ciphers, or otherwise does not have the required encryption capabilities, then it may be necessary to change its configuration, upgrade it to current version, replace it or switch to another protocol.

Application Compatibility

Client software applications that are known to connect successfully to Host-to-Host are shown below. Note that this list may change over time, and that it is best practice to use only supported current versions of third-party applications. The use and functionality of third-party software is not controlled by J.P. Morgan and is subject to change without notice. J.P. Morgan does not recommend or endorse any of the third-party software and makes no representation, explicit or implied, as to the functionality, quality or suitability of any third-party software referenced below.

FTPS (No longer supported for new setups)

  • Axway Secure Client 5.8, 6.0, 6.1
  • Curl 7.22
  • FileZilla Client 3.10.x
  • CuteFTP Professional 9.x
  • Ipswitch WS_FTP 12.x
  • Igloo FTP PRO 3.9
  • LFTP 4.6.1
  • SmartFTP Client 3.0-6.0

AS2

  • Drummond Certified AS2 Clients