https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557765#M440696 <HTML><HEAD></HEAD><BODY><P>Krishnan</P><P></P><P>Please elaborate how to prepare the ACS please. I am the person who ask Ben the original question for.</P><P></P><P>If this was RSA - I would place the RSA ca certificate up in the "User and Identity Stores" location and then create a CSR in the System Administration &gt; Local Server Certificate &gt; Local Certificates location, sign and complete the request in the Outstanding&nbsp; Signing Requests.</P><P></P><P>Now I am using ECC - I would place the ECC ca certificate at the User and Identity Stores location and then generate a CSR but I noticed that the key length (512, 1024, 2048, 4096) and hash digest (SHA1, SHA256) don't match attributes of ECC.</P><P></P><P>Am I missing something?</P><P></P><P>Thank-you,</P><P>Chris </P></BODY></HTML> Wed, 31 May 2017 01:45:41 GMT chris-lawrence 2017-05-31T01:45:41Z https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557763#M440694 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>does anyone has a configuration example in order to use ECC ciphers with ACS 5.8. I noticed patch 4 support ECC for AAA flows, but i am looking for a guide and/or example in order to use it for EAP-TLS authentication.</P><P>thanks in advance!</P><P></P><P>Best Regards,</P><P></P><P>Benjamin Rossignol</P></BODY></HTML> Tue, 30 May 2017 20:27:02 GMT https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557763#M440694 berossig 2017-05-30T20:27:02Z https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557764#M440695 <HTML><HEAD></HEAD><BODY><P>Hi Benjamin,</P><P></P><P>This is to support certificates that supports ECC. This can work with EAP-FAST, PEAP-TLS and EAP-TLS client authentication.</P><P>Yes, you need the root/sub-ordinate CA to be in the trusted store for the user certificate to be validated like other certificate methods.</P><P></P><P>Thanks</P><P>Krishnan</P></BODY></HTML> Wed, 31 May 2017 00:26:46 GMT https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557764#M440695 kthiruve 2017-05-31T00:26:46Z https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557765#M440696 <HTML><HEAD></HEAD><BODY><P>Krishnan</P><P></P><P>Please elaborate how to prepare the ACS please. I am the person who ask Ben the original question for.</P><P></P><P>If this was RSA - I would place the RSA ca certificate up in the "User and Identity Stores" location and then create a CSR in the System Administration &gt; Local Server Certificate &gt; Local Certificates location, sign and complete the request in the Outstanding&nbsp; Signing Requests.</P><P></P><P>Now I am using ECC - I would place the ECC ca certificate at the User and Identity Stores location and then generate a CSR but I noticed that the key length (512, 1024, 2048, 4096) and hash digest (SHA1, SHA256) don't match attributes of ECC.</P><P></P><P>Am I missing something?</P><P></P><P>Thank-you,</P><P>Chris </P></BODY></HTML> Wed, 31 May 2017 01:45:41 GMT https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557765#M440696 chris-lawrence 2017-05-31T01:45:41Z https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557766#M440699 <HTML><HEAD></HEAD><BODY><P>Hi Chris,</P><P></P><P>ECC certificates use ECDSA algorithm and not RSA as you might know.</P><P>Here is the comparison of key length between RSA and equivalent ECDSA</P><P>https://www.namecheap.com/support/knowledgebase/article.aspx/9503/38/what-is-an-ecc-elliptic-curve-cryptography-certificate</P><P>Here are few things you need to know when you are creating certificates for ACS</P><P>http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/release/notes/acs_58_rn.html#pgfId-454084</P><P></P><P></P><P>Here are instructions how to create a CSR using MS CA.</P><P>https://www.digicert.com/ecc-csr-creation-ssl-installation-microsoft.htm</P><P>and for apache</P><P>https://www.digicert.com/ecc-csr-creation-ssl-installation-apache.htm</P><P></P><P>Additional information on ECC</P><P>https://www.digicert.com/ecc.htm</P><P></P><P>Hope it helps.</P><P></P><P>Thanks</P><P>Krishnan</P></BODY></HTML> Wed, 31 May 2017 22:48:36 GMT https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557766#M440699 kthiruve 2017-05-31T22:48:36Z https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557767#M440701 <HTML><HEAD></HEAD><BODY><P>Thanks for this info...Chris</P><P></P><P>Sent from my iPad</P></BODY></HTML> Thu, 01 Jun 2017 00:25:12 GMT https://community.cisco.com/t5/network-access-control/acs-and-ecc-ciphers/m-p/3557767#M440701 chris-lawrence 2017-06-01T00:25:12Z