Difference between revisions of "OFTP2 - John Deere"
Line 1: | Line 1: | ||
+ | = Version history = | ||
+ | *2018-02-18: First writing of this document | ||
+ | This document refers to information received from our customers. The mentioned certificate is valid since 1st of March 2017 and will expire at 19th of April 2019. | ||
+ | |||
= Background = | = Background = | ||
John Deere uses for its OFTP2 file exchange service different certificates for TLS and OFTP2 internal security (secure authentification, file encryption and file signing). This way, you cannot use the easy-to-use-mechanism of downloading the certificate from the TLS server for all services. Starting with OS4X 2018-02-19, the following error message will appear when you try to do so: | John Deere uses for its OFTP2 file exchange service different certificates for TLS and OFTP2 internal security (secure authentification, file encryption and file signing). This way, you cannot use the easy-to-use-mechanism of downloading the certificate from the TLS server for all services. Starting with OS4X 2018-02-19, the following error message will appear when you try to do so: | ||
Line 15: | Line 19: | ||
The certificate file "JohnDeere190419.cer" is what you need, since this is the end-certificate of the whole chain. | The certificate file "JohnDeere190419.cer" is what you need, since this is the end-certificate of the whole chain. | ||
+ | |||
+ | = Configure certificate at partner = | ||
+ | When editing the partner, click on "Configure" beside the "OFTP2" protocol setting: | ||
+ | |||
+ | [[File:Google ChromeScreenSnapz469.png]] | ||
+ | |||
+ | Select "AES256 SHA1" as cipher suite for all services. Afterwards, activate the following services: | ||
+ | *Enable file signing | ||
+ | *Enable ile encryption | ||
+ | *Enable secure authentification | ||
+ | |||
+ | The field at the right of the checkboxes displays that certificate information are missing: | ||
+ | |||
+ | [[File:Google ChromeScreenSnapz470.png]] | ||
+ | |||
+ | Click on the button "Upload certificate" and select the identified certificate file "JohnDeere190419.cer". Afterwards, everything is configured well and your OFTP2 configuration is waiting for a first transmission test. |
Revision as of 12:33, 19 February 2018
Version history
- 2018-02-18: First writing of this document
This document refers to information received from our customers. The mentioned certificate is valid since 1st of March 2017 and will expire at 19th of April 2019.
Background
John Deere uses for its OFTP2 file exchange service different certificates for TLS and OFTP2 internal security (secure authentification, file encryption and file signing). This way, you cannot use the easy-to-use-mechanism of downloading the certificate from the TLS server for all services. Starting with OS4X 2018-02-19, the following error message will appear when you try to do so:
Identify the correct certificate
You must have received the certificate from John Deere via another medium, such as email. A known package is the file
JOHNDEEREPARTNERPACKAGEOFT.zip
Which contains the following files:
John_Deere_new_certificate_04_04_2017.txt JohnDeere-Parameter.txt JohnDeere190419.cer ODETTE Root.cer ODETTESHA2IssuingCA.cer
The certificate file "JohnDeere190419.cer" is what you need, since this is the end-certificate of the whole chain.
Configure certificate at partner
When editing the partner, click on "Configure" beside the "OFTP2" protocol setting:
Select "AES256 SHA1" as cipher suite for all services. Afterwards, activate the following services:
- Enable file signing
- Enable ile encryption
- Enable secure authentification
The field at the right of the checkboxes displays that certificate information are missing:
Click on the button "Upload certificate" and select the identified certificate file "JohnDeere190419.cer". Afterwards, everything is configured well and your OFTP2 configuration is waiting for a first transmission test.