diff --git a/debian/packetfence-config.postinst b/debian/packetfence-config.postinst
index f2cb0b845f6..928d74d45e0 100644
--- a/debian/packetfence-config.postinst
+++ b/debian/packetfence-config.postinst
@@ -19,6 +19,12 @@ set -e
 
 DIST=$(lsb_release -c -s)
 
+setup_system_init_key() {
+    if [ ! -f /usr/local/pf/conf/system_init_key ]; then
+        hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
+    fi
+}
+
 case "$1" in
     configure)
         if [ ! -f /usr/local/pf/conf/pfconfig.conf ]; then
@@ -29,10 +35,7 @@ case "$1" in
             echo "pfconfig.conf already exists, won't touch it!"
         fi
 
-        if [ ! -f /usr/local/pf/conf/system_init_key ]; then
-            hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
-        fi
-
+        setup_system_init_key
 	/sbin/ldconfig
         if [ ${DIST} = "jessie" ] || [ ${DIST} = "stretch" ] || [ ${DIST} = "bullseye" ] || [ ${DIST} = "bookworm" ]; then
 	    systemctl enable packetfence-config
diff --git a/debian/packetfence-config.preinst b/debian/packetfence-config.preinst
index f0a3cdca9e9..2881bb24b13 100644
--- a/debian/packetfence-config.preinst
+++ b/debian/packetfence-config.preinst
@@ -21,9 +21,15 @@ stop_service_if_exists() {
     fi
 }
 
+setup_system_init_key() {
+    if [ ! -f /usr/local/pf/conf/system_init_key ]; then
+        hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
+    fi
+}
 
 case "$1" in
     install)
+        setup_system_init_key
         if grep -E "^pf:" /etc/passwd > /dev/null ; then
                 echo "pf user already exist"
         else
@@ -37,6 +43,7 @@ case "$1" in
         exit 0
     ;;
     upgrade)
+        setup_system_init_key
         stop_service_if_exists packetfence-config
         set +e 
         /usr/sbin/update-rc.d -f packetfence-config remove
diff --git a/debian/packetfence.postinst b/debian/packetfence.postinst
index 12e76b5cfe9..0f1cf0a8d5b 100644
--- a/debian/packetfence.postinst
+++ b/debian/packetfence.postinst
@@ -23,8 +23,15 @@ export LC_CTYPE
 
 DIST=$(lsb_release -c -s)
 
+setup_system_init_key() {
+    if [ ! -f /usr/local/pf/conf/system_init_key ]; then
+        hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
+    fi
+}
+
 case "$1" in
     configure)
+        setup_system_init_key
         export PACKETFENCE=/usr/local/pf
         export PERL5LIB=/usr/local/pf/lib
         find $PACKETFENCE/conf -type f -exec chmod 664 '{}' \;
diff --git a/debian/packetfence.preinst b/debian/packetfence.preinst
index 666734fd961..4d9e7fd7bb8 100644
--- a/debian/packetfence.preinst
+++ b/debian/packetfence.preinst
@@ -51,8 +51,15 @@ rm_conffile() {
     fi
 }
 
+setup_system_init_key() {
+    if [ ! -f /usr/local/pf/conf/system_init_key ]; then
+        hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
+    fi
+}
+
 case "$1" in
     install)
+        setup_system_init_key
         stop_service_if_exists packetfence
         if [ -z "$(getent passwd pf)" ]; then
             if ! /usr/bin/id -g pf &>/dev/null; then
@@ -85,6 +92,7 @@ case "$1" in
     ;;
 
     upgrade)
+        setup_system_init_key
         # mv the old raddb dir if upgrading from FreeRADIUS 2
         echo "Upgrading from $2"
         if dpkg --compare-versions "$2" lt "6"; then