07-09-2013 10:16 AM - edited 03-10-2019 08:37 PM
Greetings
We currently have Cisco ACS 4.2 running with a Verisign trusted SSL certificate running 1024bit. This SSL certificate is used for PEAP and wireless users with WLC. Since the new standard by Verisign is issuing 2048bit, we can no longer renew 1024bit certificates. Wondering if there is supportability for 2048bit or is there a requirement to upgrade?
Reading through various articles, the existing Cisco ACS 4.2 has issues with anything above 1024bit.
Note: While Cisco Secure ACS can generate key sizes greater than 1024, the use of a key larger than 1024 does not work with PEAP. Authentication might appear to pass in Cisco Secure ACS, but the client hangs while authentication is attempted.
07-09-2013 11:33 AM
Yes, I'm aware of this document. However, it does work. I've seen PEAP with 2048bit certs working fine.
~BR
Jatin Katyal
**Do rate helpful posts**
07-11-2013 12:23 AM
Tuyeh,
Greetings.
Jatin says from practical experience it works. However, I wonder if that scenario will be supported by TAC (even if it works).
To be on the safe side, it is better to open a TAC case with Cisco asking them if that scenario is supported. If it is not and any issue happens later, the TAC will not help you because you are running an unsupported scenario.
It is also advisable to move to a newer version of ACS (5.x) as the 4.x version is going to be out of support next year (April 2014 if I remember correctly).
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"