Background

John Deere uses for its OFTP2 file exchange service different certificates for TLS and OFTP2 internal security (secure authentification, file encryption and file signing). This way, you cannot use the easy-to-use-mechanism of downloading the certificate from the TLS server for all services. Starting with OS4X 2018-02-19, the following error message will appear when you try to do so:

Identify the correct certificate

You must have received the certificate from John Deere via another medium, such as email. A known package is the file

JOHNDEEREPARTNERPACKAGEOFT.zip

Which contains the following files:

John_Deere_new_certificate_04_04_2017.txt
JohnDeere-Parameter.txt
JohnDeere190419.cer
ODETTE Root.cer
ODETTESHA2IssuingCA.cer

The certificate file "JohnDeere190419.cer" is what you need, since this is the end-certificate of the whole chain.