This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Diamond
MVP Diamond
‎2026-01-21 06:25 PM
Jump to solution

Dedicated log server upgrade verification issue

Hey guys,

I wanted to run something by you all to see if what Im thinking makes sense. So I was helping customer today with trying to upgrade brand new dedicated log server from R82 jumbo 60 to R82.10, but verification kept failing saying file sic_conf.p12 did not exist. I never seen that before, but was thinking it could be because that log server currently is not connected to the mgmt, shows error in smart console and we noticed sic is also broken.

Not 100% sure if thats required for the upgrade itself, but cant really think of anything else.

Thoughts?

Tx as always!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
3 Solutions

Accepted Solutions
Don_Paterson
MVP Gold
MVP Gold
‎2026-01-21 11:15 PM
Jump to solution

I agree. 

Makes sense that the upgrade attempt should only be allowed on a healthy fully functioning log/management server, including SIC with the primary SMS. 

Why was SIC not working between them?

View solution in original post

Vincent_Bacher
MVP Silver
MVP Silver
‎2026-01-22 12:16 AM
In response to Vincent_Bacher
Jump to solution

I just had a little look around in the upgrade scripts. What surprises me is that I don't see any mention of the sic_conf.p12 file mentioned by Any.
When I search for the sic_cert.p12 file I found in the scripts, I see the following in the file /opt/CPupgrade-tools-R82.10/scripts/run_puv.sh referenced by migrate_server and co.:

 

# 17. Block upgrade in case sic_cert.12 file is not exists
if [ "X$MDSDIR" = "X" ]; then
  if [ "X$isManagement" == "X1" -o "X$isLogServer" == "X1" ]; then
    if [ ! -f "$CPDIR/conf/sic_cert.p12" ]; then
      if [ "X$isPrimary" != "X1" ]; then
        # file is not exists
        output="${output}\n$i. The file $CPDIR/conf/sic_cert.p12 is missing."
        i=$((i+1))
      fi
    fi
  fi
fi

 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

View solution in original post

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-22 07:27 AM
Jump to solution

Hey boys,

As suspected, was SIC issue. We did reset sic on log server, communication worked, then upgrade to R82.10 succedded.

 

Tx as always for all your support.

Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

8 Replies
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-01-21 11:09 PM
Jump to solution

I'm not familiar with this file either, but I've never had to run the verifier on a log server without an established SIC.
I mean, the SIC connection should already be established, then this error will also be gone.
However, as I am not familiar with the file or the error, I may be mistaken.

Interesting is that i don't find this file on our MLMs but files with similar names:

/var/opt/CPshrd-R82/conf/sic_local_cert.p12
/var/opt/CPshrd-R82/conf/sic_cert.p12

 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
Don_Paterson
MVP Gold
MVP Gold
‎2026-01-21 11:38 PM
In response to Vincent_Bacher
Jump to solution

Did that search go into the DLS/CLM customer sub directories?

 

0 Kudos
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-01-21 11:47 PM
In response to Don_Paterson
Jump to solution

Yes. I did a 

find / -name "*.p12" 2>/dev/null


And found this file in the directories above and in all customers conf folders

/var/opt/CPmds-R82/customers/<customer name>/CPshrd-R82/conf/sic_local_cert.p12



and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-01-22 12:16 AM
In response to Vincent_Bacher
Jump to solution

I just had a little look around in the upgrade scripts. What surprises me is that I don't see any mention of the sic_conf.p12 file mentioned by Any.
When I search for the sic_cert.p12 file I found in the scripts, I see the following in the file /opt/CPupgrade-tools-R82.10/scripts/run_puv.sh referenced by migrate_server and co.:

 

# 17. Block upgrade in case sic_cert.12 file is not exists
if [ "X$MDSDIR" = "X" ]; then
  if [ "X$isManagement" == "X1" -o "X$isLogServer" == "X1" ]; then
    if [ ! -f "$CPDIR/conf/sic_cert.p12" ]; then
      if [ "X$isPrimary" != "X1" ]; then
        # file is not exists
        output="${output}\n$i. The file $CPDIR/conf/sic_cert.p12 is missing."
        i=$((i+1))
      fi
    fi
  fi
fi

 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-22 04:05 AM
In response to Vincent_Bacher
Jump to solution

I will have remote with the customer in few hours, will see once we connect this log server to mgmt what happens.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Don_Paterson
MVP Gold
MVP Gold
‎2026-01-21 11:15 PM
Jump to solution

I agree. 

Makes sense that the upgrade attempt should only be allowed on a healthy fully functioning log/management server, including SIC with the primary SMS. 

Why was SIC not working between them?

the_rock
MVP Diamond
MVP Diamond
‎2026-01-22 04:06 AM
In response to Don_Paterson
Jump to solution

Long story Don. Its a large hospital and too many people involved in this...anyway, once we get sic working, will try again. Tx for the help, as always,

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-22 07:27 AM
Jump to solution

Hey boys,

As suspected, was SIC issue. We did reset sic on log server, communication worked, then upgrade to R82.10 succedded.

 

Tx as always for all your support.

Best,
Andy
"Have a great day and if its not, change it"

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events