Please note that the CME SFTP enhancement has been postponed until Saturday, May 9th. We are still on target to conduct mock testing in production on Saturday, April 11th.
Additionally, all firms that utilize public key to access CME SFTP are required to participate in Production testing on April 11th.
CME plans to install a software update to CME Secure SFTP on Saturday May 9, 2015. With this enhancement, CME will no longer support “Open SSH public key format” that is currently used by some of clearing firms to connect to CME SFTP. Instead CME will now support “SSH Public Key File Format (RFC4716)” effective May 9, 2015.
This change will impact connectivity to the following CME SFTP sites:
- Web based “sftpng.cmegroup.com” IP: 22.214.171.124.
- WAN connection to IP: 126.96.36.199.
To help with this enhancement, CME will convert the majority of the Open SSH Public Keys to SSH Public Key File Format RFC4716. Some customers with special public keys will need to convert their current keys to RFC4716 format. CME is directly reaching out to these customers and providing them with key conversion instructions.
Firms can test this enhancement now by connecting to the CME Test SFTP site. Below please find the site information and testing procedure:
- Web based site address: sftpcert.cmegroup.com;
- Web based site IP address: 188.8.131.52.
- All public keys are copied from Production to the testing site.
- Firms can connect using their public keys and using the same credentials currently used for Production SFTP site.
- Firms can send a test file into the Incoming folder
- Or Download test file “CME.Cipher.Test.xml” from the Outgoing folder.
- When the user is able to access their SFTP account, upload or download the test file, then testing is successful.
Please note the following regarding the Test SFTP site.
- Some firms who access the site for the first time might be required to add the site DNS and IP address into their firewall.
- Other firms who rely on the DNS name only for the SFTP site, may access the site without the need to add the site IP address to their firewall.
- CME doesn’t require adding the firms’ source address information for this site.
Mock Testing in Production on April 11th:
- We encourage all firms to participate in testing their connectivity in production on April 11th.
- Customers utilize Public Key are required to participate in the testing since they are impacted the most by this enhancement.
- To test this enhancement, firms are encouraged to execute some of their production upload or download jobs as they do in production.
- Any data files submitted to CME SFTP will be deleted. Similarly, firms are expected to delete any data files downloaded as part of this testing.
- Testing window is between 8:00 AM to 12:00 Noon CST.
- After testing is concluded, CME will roll back the changes and allow firms to test their connectivity following the roll back.
- If you are interested in testing in Production on April 11th, please let us know by sending an email to email@example.com.
For more information please contact CME Clearing at (312) 207-2525.
For a printer-friendly version of this advisory, please click here.