I am setting up a dmvpn network and wish to use pki instead of wild card pre-shared keys. I have read that Cisco routers will not support certificates where any key length in the certificate chain is over 2048. I have an MS PKI where the offline root cert has a key length of 4096. Does this mean I cannot use this CA hierarchy?
I have this problem too.