cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1498
Views
0
Helpful
2
Replies

PEAP, ACS 5.2, 2048-bit certs

BEN ROBINSON
Level 1
Level 1

Hello!

We just installed ACS v5.2 and have Apple iPads and iPhones getting cert errors when connceting to our wireless. We put in private certs, but it still cannot authenticate the certs when connecting to our wireless for the ACS servers because it's a private root CA.

We are trying to get public certs, but they only come in 2048-bit now, and from what I read PEAP only supports 1024, so we appear to be stuck. Anyone else running into this or have a solution... Much mahalos!

Ben

2 Replies 2

Nicolas Darchis
Cisco Employee
Cisco Employee

This thread is an example of people who managed to make 2048 bits working :

https://supportforums.cisco.com/thread/2050206

I didn't test it myself recently but haven't heard of it being a problem, ever.

Thanks for the fast reply! In one of the docs referenced, it does give this caveat.. I'm trying to check if this caveat still applies to ACS v5.2 or it's a client limitation.

"The Windows 2003 Enterprise CA allows key sizes greater than 1024. However, the use of a key larger than 1024 does not work with PEAP. Authentication might appear to pass in the ACS, but the client just hangs while it attempts authentication"

Review Cisco Networking for a $25 gift card