Update #6: The promotion of FTPS certificates to the ESPC OPS environment is scheduled for Wednesday, March 12th 2025. FTPS users with connections to the ESPC OPS environment ‘espdsftps-op’ and ‘espdsftps-dmz’ are encouraged to verify successful FTPS communications ASAP after the FTPS certificate promotion is complete. Reminder: The PDA I&T and CBU environments are available for testing and we strongly suggest testing in those environments if you have connections there.

 

Update #5: The promotion of FTPS certificates to the ESPC CBU environment has been successfully completed. FTPS users with connections to the ESPC CBU environment ‘espdsftps-cbu’ and ‘espdsftps-cdz’ are encouraged to test in the next 10 to 14 days before the promotion to the ESPC OPS environment takes place.

 

Update #4: The promotion of FTPS certificates to the ESPC CBU environment (Update #3) has been rescheduled for 2/20/2025 starting at  ~1500Z.

 

Update #3: ESPC is planning to promote the replacement FTPS certificates into the ESPC CBU environment tomorrow,  2/19/2025 starting at  ~1900Z. Brief disruptions to the ESPC CBU FTPS server services are expected. JPSS/IDPS systems that connect to ESPC CBU FTPS need to be configured to trust certificates issued by CA-74 and Root CA-6 OR configured to ignore certificate warnings.

 

Update #2: FTPS Certificates that support encryption of data in the PDA Test environment for both the 'espdsftps-it' and 'espdsftps-tdz' interfaces have been updated with replacements from the NOAA RA that expire in January 2028. FTPS users that have a presence in the PDA Test environment can now test against the updated certificates.

 

Update #1: PDA FTPS users need to check their certificate configuration(s) and confirm they are able to trust 'DoD Root CA 6' in addition to the DoD certs listed in the Details/Change section below.

 

Topic:  Certificate updates may affect FTPS users and require verification testing at the CBU site

 

Date/Time Issued:  March 05, 2025 2120Z

 

Product(s) or Data Impacted: All products transferred via the FTPS communication protocol

 

Date/Time of Initial Impact:  March 31, 2025 1200Z

 

Date/Time of Expected End:  N/A

 

Length of Event:  N/A, Permanent change

 

Details/Specifics of Change:  The ESPC PDA system at the CBU site will have updated SSL certificates installed that can affect FTPS communications under some conditions. The PDA Support Team is Highly Recommending that FTPS users test communications with the CBU site ASAP before Monday March 31, 2025, when the updated certificates will be implemented at the NSOF OPS site. Communication testing with the CBU site is estimated to be available in early March 2025. The two part scenario that causes failed FTPS communications is 1) the user's system is NOT set to ignore SSL certificate errors, and 2) the user does not trust the Active DoD SW CA-74 or the Active DoD SW CA-75 signing authority that the new certificates are signed by. The combination of these two issues may result in communication negotiation failures.

 

The new certificates have not yet been installed into the ESPC I&T, CBU, and OPS environments. An update to this announcement will provide information when testing for the new FTPS certificates can begin.

 

If negotiation failures are found during testing, please send an email to PDA_DHS@noaa.gov for further instruction. The PDA Support team will respond to your email Monday – Friday during normal business hours of 08:00 am EDT – 05:00 pm EDT.

 

Contact Information for Further  Information: ESPC Operations at ESPCOperations@noaa.gov and 301-817-3880.    

 

Web Site(s) for applicable information: N/A