I read that the ASA stillt doesn't support 4096 RSA keys for SSL VPN. Is this limitation also if ASA the RootCA uses a 4096 RSA Key and the Issuing CA uses 2048 RSA Key?
This will work. The root-CA is allowed to have a 4096 Bit key. That is exactly what I'm using in my own VPN-setup. The root has a 4096 bit key, while the intermediate and my identity-cert are both using 2048 bit.
