I'm planning a simple Enterprise PKI for 802.1x port security on our cisco switch and MS NPS radius servers. I plan on using two CAs (one root and one sub CA). I will also be using the autoenrollment for workstations. I've read a lot of documents and I'm still trying to figure out that I should use for my key length?
I've seen people doing.
Root CA: 4096
SubCA: 2048
What are you guys using? Any recommendations?