Donnerstag, 20. Januar 2011

How to use Xtract QV with HTTPS

As of January 2010 Xtract QV offers a new feature to enable SAP data extraction via https. In this blog I will describe how to set up Xtract QV and your environment to use this new feature.

Xtract QV provides the following server settings:

- EnableSecureListener: default is no. To enable https set the kind column to individual and the value to yes.

- SecureListenerPort: default is Port 8185.

After changing the settings click on Save which will restart the Xtract QV Server.

Now you should install the ssl certificate:

- Obtain an ssl certificate from a certification authority and install it on your IIS web server. Be aware that the certificate common name must match the host name exactly. (refer to http://technet.microsoft.com/en-us/library/cc732230%28WS.10%29.aspx)

- Add a new SSL server certificate binding and corresponding client certificate policies for an IP address and port.

(refer to http://technet.microsoft.com/en-us/library/cc725882%28WS.10%29.aspx)

To test the https feature we will create a Self-Signed Certificate on Windows 7 :

  • Open IIS Manager and navigate to the level you want to manage.
  • In Features view, double-click Server Certificates.

  • In the Actions pane, click Create Self-Signed Certificate.

  • On the Create Self-Signed Certificate page, type a friendly name for the certificate in the Specify a friendly name for the certificate box, and then click OK. For more information refer to http://technet.microsoft.com/en-us/library/cc753127%28WS.10%29.aspx


Now the ssl certificate is installed. In the next step we will use the SHA hash (thumbprint) of the certificate for the configuration.

We will use the netsh prompt configure the server certificate binding and corresponding client certificate policies. Be sure to start the command prompt as administrator. Type the following command

netsh http add sslcert ipport=0.0.0.0:8185 certhash=1c56412e86cd76751f1dfddd2af594dd1b8fb7c5 appid={5ca9af00-8fc2-4f1c-938d-a4ed5f654ccc}

where ipport specifies the IP address and port for the binding, certhash specifies the SHA hash (thumbprint) of the certificate and appid specifies any GUID to identify the owning application. For more Information refer to http://technet.microsoft.com/en-us/library/cc725882%28WS.10%29.aspx#BKMK_2

Now select the extraction in Xtract QV Designer and select Run in Browser from the context menu. Since our ssl certificate is not issued by a trusted certificate authority, your browser may alert you. In Internet Explorer you will get the error: There is a problem with this website’s security certificate. Just click on Continue to this website (not recommended) to ignore the error.

As you can see in the web browser the URL starts with https.