Xtract Universal offers a feature to deliver SAP data extraction via https.You have to install a signed certificate or create a self signed certificate on your windows.

This blog describes how to set up Xtract Universal and how to configure your IIS on windows 7 to use Xtract Universal with https.
An older version of this blog has described the scenario for Xtract QV. Other windows versions may have different configuration.

Xtract Universalprovides the following server settings:

EnableSecureListener: default is no. To enable https set the kind column to individual and the value to yes.

SecureListenerPort: default is Port 8165.


After changing the settings click on Save which will restart the Xtract Universal Server.

Now you should install the ssl certificate:

– Obtain an ssl certificate from a certification authority and install it on your IIS web server. Be aware that the certificate common name must match the host name exactly. (refer to http://technet.microsoft.com/en-us/library/cc732230%28WS.10%29.aspx)

– Add a new SSL server certificate binding and corresponding client certificate policies for an IP address and port.

(refer to http://technet.microsoft.com/en-us/library/cc725882%28WS.10%29.aspx)

To test the https feature we will create a Self-Signed Certificate on Windows 7 :

  • Open IIS Manager and navigate to the level you want to manage.
  • In Features view, double-click Server Certificates.

  • In the Actions pane, click Create Self-Signed Certificate.

  • On the Create Self-Signed Certificate page, type a friendly name for the certificate in the Specify a friendly name for the certificate box, and then click OK. For more information refer to http://technet.microsoft.com/en-us/library/cc753127%28WS.10%29.aspx

Now the ssl certificate is installed. In the next step we will use the SHA hash (thumbprint) of the certificate for the configuration.

We will use the netsh prompt configure the server certificate binding and corresponding client certificate policies. Be sure to start the command prompt as administrator. Type the following command

netsh http add sslcert ipport= certhash=1c56412e86cd76751f1dfddd2af594dd1b8fb7c5 appid={5ca9af00-8fc2-4f1c-938d-a4ed5f654ccc}

where ipport specifies the IP address and port for the binding, certhash specifies the SHA hash (thumbprint) of the certificate and appid specifies any GUID to identify the owning application. For more information refer to http://technet.microsoft.com/en-us/library/cc725882%28WS.10%29.aspx#BKMK_2

Now select the extraction in Xtract Designer and select Run in Browser from the context menu. Since our ssl certificate is not issued by a trusted certificate authority, your browser may alert you. In Internet Explorer you will get the error: There is a problem with this website’s security certificate. Just click on Continue to this website (not recommended) to ignore the error.

As you can see in the web browser the URL starts with https.

Written by Khoder Elzein

Khoder is responsible for presales and always has an attentive ear for our customers, prospectives and partners. When travelling in Germany or abroad, he provides customer support at PoCs, workshops and on training courses. He also looks after the further development of our software solutions. Khoder has been working in IT since the turn of the millennium; he has been a member of team Theobald since 2009. When it comes to private interests, family, nature and reading feature at the top of his list – along with innovative fusion cuisine, as you may infer from his favourite dish of Swabian cheese noodles with tabouleh.