12-12-2012 12:32 PM
Hi,
I have some questions about the size of the certificates in the ACE module (ACE20). Reading the following link: http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_Troubleshooting_SSL
I can verify this text: 4096 (high security, level 4) - For software release A2(2.4) and later in the ACE module and software release A3(2.6) and later in the ACE appliance, you can use 4096-bit SSL certificates in chaingroups and authgroups. You can also import public certificates and keys that are 4096 bits in length.
We intend to use a certificate (CA) with keys of 4096 bits and, according to the text of the wiki, it's possible.
But if I check the guide (http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/ssl/guide/certkeys.html), I can't see this information.
Is anybody already using certificates with 4096 bits in the ACE20 module?
Thank you in advance.
Plinio
12-13-2012 10:16 PM
Hi Plinio,
The ACE allows a maximum public key size of 4096 bits. The maximum private key size is 2048 bits. This is from A5(2.1), which is the latest release. In A2(3.) the maximum you can import is 2048 bits. You can configure chain group CAs of 4096 bits, but you cannot use a certificate and key pair of more than 2048 bits. That is mentioned in the link you have pasted.
Regards,
Kanwal
12-14-2012 03:37 AM
Hi Kanwal,
Thank you for your feedback. So, just to confirm, in ACE A2(3.) the following configuration can use certificates of 4096 bits?
crypto chaingroup chaingroup1
  cert CA_cert_intermediate_3.cer
crypto authgroup Auth-Initiation
  cert CA_cert_root.cer
ssl-proxy service WebInitiation
  authgroup Auth-Initiation
And here I can only use a certificate and key pair of up to 2048 bits:
ssl-proxy service POSWEBTermination-DES
  key key-des.pem
  cert DES.cer
  chaingroup chaingroup1
  ssl advanced-options POSWEB_MAPSSL
Am I right?
Thank you again.
12-14-2012 08:09 PM
Hi Plinio,
Yes that looks right.
Regards,
Kanwal
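A pre-import check for the limits discussed in this thread, as an added example that is not part of the original posts and is not Cisco's tooling. It assumes `openssl` is available on the workstation; the function names and the role labels `ca` (a file listed under a chaingroup or authgroup) and `pair` (the `cert` used with a `key` in an ssl-proxy service) are hypothetical, and the 4096/2048-bit limits are the ones stated in the answer above.

```bash
# Print the public-key size in bits of a PEM or DER certificate file.
cert_bits() {
    _out=$(openssl x509 -in "$1" -noout -text 2>/dev/null) ||
        _out=$(openssl x509 -inform DER -in "$1" -noout -text 2>/dev/null) ||
        return 2
    # Matches "Public-Key: (2048 bit)" and the older "Public Key: (2048 bit)".
    printf '%s\n' "$_out" |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# ace_check_cert ROLE FILE
#   ca   : CA certificate for a chaingroup/authgroup, limit 4096 bits
#   pair : certificate of a cert/key pair in an ssl-proxy service, limit 2048 bits
# Returns 0 if within the limit, 1 if too large, 2 on usage or parse errors.
ace_check_cert() {
    case $1 in
        ca)   _max=4096 ;;
        pair) _max=2048 ;;
        *)    echo "unknown role: $1" >&2; return 2 ;;
    esac
    _bits=$(cert_bits "$2") || { echo "cannot parse $2" >&2; return 2; }
    [ -n "$_bits" ] || { echo "no key size found in $2" >&2; return 2; }
    if [ "$_bits" -le "$_max" ]; then
        echo "OK    $2: $_bits bits (role $1, limit $_max)"
    else
        echo "FAIL  $2: $_bits bits exceeds the $_max-bit limit for role $1"
        return 1
    fi
}

# Constructed sample input: a throwaway self-signed certificate of SIZE bits
# written to PATH (its key goes to PATH.key). For trying the check only.
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -subj "/CN=constructed-sample" \
        -days 1 -keyout "$2.key" -out "$2" 2>/dev/null
}

# When run as a script: ./check.sh pair DES.cer
if [ "$#" -eq 2 ]; then
    ace_check_cert "$1" "$2"
fi
```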