Cisco ACS 4.2 SSL certificate 2048bit

Tuyen Nguyen
Level 1

Greetings

We currently have Cisco ACS 4.2 running with a Verisign trusted SSL certificate running 1024bit.  This SSL certificate is used for PEAP and wireless users with WLC.  Since the new standard by Verisign is issuing 2048bit, we can no longer renew 1024bit certificates.  Wondering if there is supportability for 2048bit or is there a requirement to upgrade?

Reading through various articles, the existing Cisco ACS 4.2 has issues with anything above 1024bit.

Note: While Cisco Secure ACS can generate key sizes greater than 1024, the use of a key larger than 1024 does not work with PEAP. Authentication might appear to pass in Cisco Secure ACS, but the client hangs while authentication is attempted.

2 Replies

Jatin Katyal
Cisco Employee

Yes, I'm aware of this document. However, it does work. I've seen PEAP with 2048bit certs working fine.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Amjad Abdullah
VIP Alumni

Tuyen,

Greetings.

Jatin says from practical experience it works. However, I wonder if that scenario will be supported by TAC (even if it works).

To be on the safe side, it is better to open a TAC case with Cisco asking them if that scenario is supported. If it is not and any issue happens later, the TAC will not help you because you are running an unsupported scenario.

It is also advisable to move to a newer version of ACS (5.x) as the 4.x version is going to be out of support next year (April 2014 if I remember correctly).

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
