cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
821
Views
0
Helpful
3
Replies
Beginner

Certificate Key Length for PEAP - ACS

Could someone please clear up the topic regarding ACS and certificate key lengths for PEAP?  I have not been able to confrim through research. 


In the ACS documentation, it states that using a key length of >1024 will not work - it will appear to pass in the log, but the client will hang.  CAs are not issuing 1024 key length certs that expire after 2013 so this is a cause for concern if what's stated in the ACS documentation is true.  Various external CA's instructions for generating a cert from ACS, even for v3.x, states you can use a 2048 key length.


Question 1 - Is there signficance of whether the cert is self-signed or purchased from an external CA?  Do only self-signed certs have this problem?

Question 2 - Is this specific to ACS versions?  ACS v3, v4, v5 (I know v3 is no longer supported, but would like clarification)

Question 3 - Is this specific to Client OS/Service Pack versions or client supplicant vendor/versions?

So far I've tested a new 2048 cert from an external CA (expiring 2014) on ACS v4.2 and PEAP-GTC from Windows XP and worked fine. 

I would like to have some confirmation on this topic please.


Thanks!

3 REPLIES 3
Highlighted

Certificate Key Length for PEAP - ACS

My ACS 5.2 is working very well with certificates with a key size of 2048 for EAP-PEAPv0 (MS-CHAPv2) authentication.

Cisco Employee

Certificate Key Length for PEAP - ACS

Both code of ACS (4.x and 5.x)  works fine with Peap and key length 2048

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal
Beginner

Certificate Key Length for PEAP - ACS

Hello,

The certificate key lenght for PEAP - ACS is 2048.This works fine for me