09-05-2012 06:53 AM - edited 03-10-2019 07:30 PM
Could someone please clear up the topic regarding ACS and certificate key lengths for PEAP? I have not been able to confirm through research.
In the ACS documentation, it states that using a key length of >1024 will not work - it will appear to pass in the log, but the client will hang. CAs are not issuing 1024 key length certs that expire after 2013, so this is a cause for concern if what's stated in the ACS documentation is true. Various external CAs' instructions for generating a cert from ACS, even for v3.x, state you can use a 2048 key length.
Question 1 - Is there significance in whether the cert is self-signed or purchased from an external CA? Do only self-signed certs have this problem?
Question 2 - Is this specific to ACS versions? ACS v3, v4, v5 (I know v3 is no longer supported, but would like clarification)
Question 3 - Is this specific to Client OS/Service Pack versions or client supplicant vendor/versions?
So far I've tested a new 2048 cert from an external CA (expiring 2014) on ACS v4.2 and PEAP-GTC from Windows XP and it worked fine.
I would like to have some confirmation on this topic please.
Thanks!
07-09-2013 02:06 PM
My ACS 5.2 is working very well with certificates with a key size of 2048 for EAP-PEAPv0 (MS-CHAPv2) authentication.
07-09-2013 05:25 PM
Both codes of ACS (4.x and 5.x) work fine with PEAP and key length 2048.
~BR
Jatin Katyal
**Do rate helpful posts**
07-09-2013 07:25 PM
Hello,
The certificate key length for PEAP - ACS is 2048. This works fine for me.