Cisco Support Community
Community Member

Cisco ACS 4.2 SSL certificate 2048bit


We currently have Cisco ACS 4.2 running with a Verisign trusted 1024-bit SSL certificate. This SSL certificate is used for PEAP and wireless users with WLC. Since the new standard is for Verisign to issue 2048-bit certificates, we can no longer renew 1024-bit certificates. Is 2048-bit supported, or is there a requirement to upgrade?

Reading through various articles, the existing Cisco ACS 4.2 has issues with anything above 1024 bits:

Note: While Cisco Secure ACS can generate key sizes greater than 1024, the use of a key larger than 1024 does not work with PEAP. Authentication might appear to pass in Cisco Secure ACS, but the client hangs while authentication is attempted.

Cisco Employee


Yes, I'm aware of this document. However, it does work. I've seen PEAP with 2048bit certs working fine.

Jatin Katyal



Jatin says from practical experience that it works. However, I wonder if that scenario will be supported by TAC (even if it works).

To be on the safe side, it is better to open a TAC case with Cisco asking them if that scenario is supported. If it is not and any issue happens later, TAC will not help you because you are running an unsupported scenario.

It is also advisable to move to a newer version of ACS (5.x) as the 4.x version is going to be out of support next year (April 2014 if I remember correctly).



Rating useful replies is more useful than saying "Thank you"
