
Certificate Key Length for PEAP - ACS

Level 1

Could someone please clear up the topic regarding ACS and certificate key lengths for PEAP? I have not been able to confirm through research.

In the ACS documentation, it states that using a key length of >1024 will not work - it will appear to pass in the log, but the client will hang. CAs are not issuing 1024 key length certs that expire after 2013, so this is a cause for concern if what's stated in the ACS documentation is true. Various external CAs' instructions for generating a cert from ACS, even for v3.x, state you can use a 2048 key length.

Question 1 - Is there significance in whether the cert is self-signed or purchased from an external CA? Do only self-signed certs have this problem?

Question 2 - Is this specific to ACS versions?  ACS v3, v4, v5 (I know v3 is no longer supported, but would like clarification)

Question 3 - Is this specific to Client OS/Service Pack versions or client supplicant vendor/versions?

So far I've tested a new 2048 cert from an external CA (expiring 2014) on ACS v4.2 and PEAP-GTC from Windows XP, and it worked fine.

I would like to have some confirmation on this topic please.


3 Replies

Lukas Bielinski
Level 1

My ACS 5.2 is working very well with certificates with a key size of 2048 for EAP-PEAPv0 (MS-CHAPv2) authentication.

Both code versions of ACS (4.x and 5.x) work fine with PEAP and key length 2048.

Jatin Katyal

**Do rate helpful posts**


Level 1


The certificate key length for PEAP - ACS is 2048. This works fine for me.