Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACS 4.1 cert issue (2048bit?)

I am trying to install a .p7b cert on our ACS, I get 'Certificate file is in invalid or unsupported format.'

I know 2048bit certs were not supported in 3.3, is that still the case?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: ACS 4.1 cert issue (2048bit?)

Yes it is still the case. Look at this doc and do a seach for Key Size-1024**

The doc states:

Note: The Windows 2003 Enterprise CA allows key sizes greater than 1024. But, the use of a key larger than 1024 does not work with PEAP. Authentication might appear to pass in ACS, but the client just hangs while it attempts authentication.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml

-Scott
*** Please rate helpful posts ***
1 REPLY
Hall of Fame Super Silver

Re: ACS 4.1 cert issue (2048bit?)

Yes it is still the case. Look at this doc and do a seach for Key Size-1024**

The doc states:

Note: The Windows 2003 Enterprise CA allows key sizes greater than 1024. But, the use of a key larger than 1024 does not work with PEAP. Authentication might appear to pass in ACS, but the client just hangs while it attempts authentication.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml

-Scott
*** Please rate helpful posts ***
460
Views
0
Helpful
1
Replies
CreatePlease to create content