
Certificate Key Length for PEAP - ACS

mmletzko
Level 1

Could someone please clear up the topic regarding ACS and certificate key lengths for PEAP? I have not been able to confirm through research.


In the ACS documentation, it states that using a key length of >1024 will not work - it will appear to pass in the log, but the client will hang. CAs are not issuing 1024 key length certs that expire after 2013, so this is a cause for concern if what's stated in the ACS documentation is true. Various external CAs' instructions for generating a cert from ACS, even for v3.x, state you can use a 2048 key length.


Question 1 - Is there significance to whether the cert is self-signed or purchased from an external CA? Do only self-signed certs have this problem?

Question 2 - Is this specific to ACS versions?  ACS v3, v4, v5 (I know v3 is no longer supported, but would like clarification)

Question 3 - Is this specific to Client OS/Service Pack versions or client supplicant vendor/versions?

So far I've tested a new 2048 cert from an external CA (expiring 2014) on ACS v4.2 and PEAP-GTC from Windows XP, and it worked fine.

I would like to have some confirmation on this topic please.


Thanks!

3 Replies