https://community.cisco.com/t5/network-access-control/cisco-acs-4-2-ssl-certificate-2048bit/m-p/2251274#M111538 <P>Greetings</P><P></P><P>We currently have Cisco ACS 4.2 running with verisign trusted SSL certificate running 1024bit.&nbsp; This SSL certificate is used for PEAP and wireless users with WLC.&nbsp; Since the new standard by Verisign is issuing 2048bit we can no longer renew 1024bit cerfificates.&nbsp; Wondering if there is supportability for 2048bit or is there a requirement to upgrade?</P><P></P><P>Reading through various articles the existing Cisco ACS 4.2 has issues with anything above 1024bit</P><P></P><P style="margin-left: 36pt;"><STRONG>Note: While Cisco Secure ACS can generate key sizes greater than 1024, the use of a key larger than 1024 does not work with PEAP. Authentication might appear to pass in Cisco Secure ACS, but the client hangs while authentication is attempted.</STRONG></P> Mon, 11 Mar 2019 03:37:58 GMT Tuyen Nguyen 2019-03-11T03:37:58Z https://community.cisco.com/t5/network-access-control/cisco-acs-4-2-ssl-certificate-2048bit/m-p/2251274#M111538 <P>Greetings</P><P></P><P>We currently have Cisco ACS 4.2 running with verisign trusted SSL certificate running 1024bit.&nbsp; This SSL certificate is used for PEAP and wireless users with WLC.&nbsp; Since the new standard by Verisign is issuing 2048bit we can no longer renew 1024bit cerfificates.&nbsp; Wondering if there is supportability for 2048bit or is there a requirement to upgrade?</P><P></P><P>Reading through various articles the existing Cisco ACS 4.2 has issues with anything above 1024bit</P><P></P><P style="margin-left: 36pt;"><STRONG>Note: While Cisco Secure ACS can generate key sizes greater than 1024, the use of a key larger than 1024 does not work with PEAP. Authentication might appear to pass in Cisco Secure ACS, but the client hangs while authentication is attempted.</STRONG></P> Mon, 11 Mar 2019 03:37:58 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-4-2-ssl-certificate-2048bit/m-p/2251274#M111538 Tuyen Nguyen 2019-03-11T03:37:58Z https://community.cisco.com/t5/network-access-control/cisco-acs-4-2-ssl-certificate-2048bit/m-p/2251275#M111575 <HTML><HEAD></HEAD><BODY><P>Yes, I'm aware of this document. However, it does work. I've seen PEAP with 2048bit certs working fine.</P><P></P><P></P><P>~BR <BR />Jatin Katyal <BR /> <BR />**Do rate helpful posts**</P></BODY></HTML> Tue, 09 Jul 2013 18:33:04 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-4-2-ssl-certificate-2048bit/m-p/2251275#M111575 Jatin Katyal 2013-07-09T18:33:04Z https://community.cisco.com/t5/network-access-control/cisco-acs-4-2-ssl-certificate-2048bit/m-p/2251276#M111635 <HTML><HEAD></HEAD><BODY><P>Tuyeh,</P><P>Greetings.</P><P>Jatin says from practical experience it work. However, I wonder if that scenario will be supported by TAC (even if it works).</P><P>To be on the safe side, it is better to open a TAC case with Cisco asking them if that scenario is supported. If it is not and any issue happened later the TAC will not help you because you are running un-supported scenario.</P><P>It is also advisable to move to a newer version of ACS (5.x) as the 4.x version is going to be out of support next year (April 2014 if I remember correctly).</P><P></P><P>HTH</P><P></P><P>Amjad</P><P></P><P><SPAN style="color: blue;">Rating useful replies is more useful than saying <SPAN style="color: green;"> "<SPAN style="text-decoration: underline;">Thank you</SPAN>"</SPAN></SPAN></P></BODY></HTML> Thu, 11 Jul 2013 07:23:34 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-4-2-ssl-certificate-2048bit/m-p/2251276#M111635 Amjad Abdullah 2013-07-11T07:23:34Z