How to generate or re-generate a certificate for Syracuse in Sage X3V12?

In this blog, we will learn how to generate or re-generate a certificate for Syracuse in Sage enterprise management, V12. When Sage X3 users work on Sage X3 ERP,  it is common to get one or more of the following error messages when installing patching, upgrading, updating, or launching Sage X3.

To resolve, Sage ERP users need to follow the resolution steps below.

Note: This only applies for Sage V7 and higher.

  • Error: “Cannot read passphrase file”
  • Error: “Passphrase cannot be decrypted”
  • Error: “Cannot read passphrase file. Maybe it has been created under another operating system user: Error: Decryption error -2146893813”
  • Error: “Passphrase has not been set”


  • The Syracuse Certification is missing, damaged, corrupted or incomplete.
  • This can also happen if the Sage X3 user has changed the password for the “sagert” login or whichever login that’s assigned to the Syracuse and X3 services. This password is encrypted and stored in various locations and should not be changed. If it is changed, X3 will run into unforeseen problems.


Note: If “nothing” changed on the Syracuse server but between logging out and in again, users receive “Error: “Cannot read passphrase file. Maybe it has been created under another operating system user: Error: Decryption error -2146893813”, try rebooting the Syracuse server.

To generate a new certificate, perform the following steps:

Log in to Windows as the service account user and take note of the computer name

  1. Open a Windows command prompt
  2. Type whoami

Screenshot #1

3. Close the command prompt

Create a new certificate and private key

  1. Using Windows explorer, navigate to and click on certgen.bat located in a location like C:\Sage\SyracuseComponent\syracuse\bin\cert_gen.
    Note: If there is an output and a private folder already in this location, delete these two folders to avoid confusion.
  2. Fill out all necessary information for Country, State, City, Organization, Name, Days of validity (use 3650)
  3. Enter a passphrase and confirm the passphrase
    Note: The cursor will not move with your typing, see screenshot #2 below-

Screenshot #2

4. Press ENTER

Screenshot #3
5. Enter 1 and press ENTER
6. Fill out the Name of the server, press ENTER for the Server name for TCP Connections, press ENTER for the Enter days of validity, fill out the Enter passphrase for the new private key, and the Confirm passphrase of the private key, enter 8124 for Port of Syracuse server.

Note: The cursor will not follow with your typing in the passphrase
Note: Recent versions of Syracuse will also prompt for a passphrase of a private key of CA certificate

Screenshot #4
7. Press ENTER
Note: Ignore the error
8. Press ENTER
9. Type 10 and press ENTER

Screenshot #5
10. Close the command prompt

Copy the Generated Files to the Correct Locations

  1. In Windows Explorer, go back to the location where you ran the certgen.bat.
  2. Open the output folder
  3. Copy 3 files (ca. cacrt, <servername>.crt (Security certificate), and the <servername>.key)
This image has an empty alt attribute; its file name is GEN6.jpg

Screenshot #6
4. Paste the three files into the..\Syracuse\certs\<servername> folder.
Note: You may need to create this folder.

Screenshot #7
5. Go back to your output folder and copy the <servername>.pem file

Screenshot #8
6. Paste the <servername>.pem file into the keys folder of the runtime installation. For example, C:\Sage\X3V11\runtime\keys.

Screenshot #9
7. Close Windows explorer

Correct the passphrase by running the passphrase.cmd

  1. Open a Windows command prompt (cmd.exe) using Run as administrator

Screenshot #10
2. In the Administrator: Command prompt navigates to the Syracuse subfolder, for example:

  1. Type cd c:\sage\syracuse\syracuse
  2. Type c:
  3. Type passphrase.cmd <YourHardPassword>
  4. Press ENTER

3. You will get a result:

Screenshot #11

Note: If you get an error: “No data for local nanny”, the Syracuse service is not started, and you need to run (double-click) the init_host.cmd from Syracuse subfolder in the Syracuse installation directory before rerunning the passphrase.cmd

Result: You should now be able to launch Sage X3 and log in successfully.

We hope this blog will help you how to generate or re-generate a certificate for Syracuse in Sage X3V12. For more informative blogs on Sage X3 V12 functions, subscribe to our newsletter now!

About Us-

Recognized for its X3 implementation and customization the world over, GerminIT is one of the oldest Sage X3 (a Sage Business Cloud Solution) development and implementation enablers and a one-stop solution provider for Sage X3 organizational needs. With a proven track record of X3 development and implementation solutions for clients across the US, UK, Middle East, Australia, Asia, and Africa, we bring complete end-to-end assistance for data migration, system integrations, technical consultations, implementation competence, third-party add-on development, and product customizations. 

With GerminIT your business will be supported with the best-in-class Sage X3 customization and development services, integrated applications such as Shipping System | eCommerce | Business Intelligence | POS | WMS | Payment Gateway, and mobile add-ons solutions. GerminIT caters to a wide range of Sage X3 offerings. Currently, we provide end-to-end support with Sage X3 implementation and customization solutions for Sage business partners, Sage PSG, and end-users worldwide. 


Cloud ERP Consultation In India


Leave a Reply

Your email address will not be published. Required fields are marked *