Could someone please clear up the topic regarding ACS and certificate key lengths for PEAP? I have not been able to confrim through research.
In the ACS documentation, it states that using a key length of >1024 will not work - it will appear to pass in the log, but the client will hang. CAs are not issuing 1024 key length certs that expire after 2013 so this is a cause for concern if what's stated in the ACS documentation is true. Various external CA's instructions for generating a cert from ACS, even for v3.x, states you can use a 2048 key length.
Question 1 - Is there signficance of whether the cert is self-signed or purchased from an external CA? Do only self-signed certs have this problem?
Question 2 - Is this specific to ACS versions? ACS v3, v4, v5 (I know v3 is no longer supported, but would like clarification)
Question 3 - Is this specific to Client OS/Service Pack versions or client supplicant vendor/versions?
So far I've tested a new 2048 cert from an external CA (expiring 2014) on ACS v4.2 and PEAP-GTC from Windows XP and worked fine.
I would like to have some confirmation on this topic please.
Thanks!
