Additional configuration is necessary if opting to use EAP-TTLS/PAP authentication for wireless clients. JumpCloud recommends when possible to utilize PEAP for authentication, as no additional configuration is necessary with rare exceptions. Please refer to Configuring your WiFi Clients to use JumpCloud RADIUS for additional information.
The current certificate expires on October 30th, 2017, and the new certificate will need to be added in addition to the existing to ensure end users remain unaffected. The new certificate file may be downloaded here:
The certificate is required when EAP-TTLS/PAP is the selected authentication method, and may in some cases be necessary for PEAP clients as well. As with all certificates, an expiration is designated for each certificate including JumpCloud's, and there may be scenarios where a newer certificate should be added for trust on the client system to avoid end user disruptions. While it is mentioned that some PEAP clients may also require the certificate on the client system, in general this form of authentication can be used without applying the certificate to the client system or having to consider a certificate update.
If this is your first time configuring a client system for EAP-TTLS/PAP, please instead refer to the following documents for guidance on initial setup:
EAP-TTLS/PAP configuration on Windows 8/10 for JumpCloud RADIUS clients
EAP-TTLS/PAP configuration on Mac & iOS Devices for JumpCloud RADIUS clients
These steps assume that you have a current RADIUS certificate in-place, following the steps outlined in "EAP-TTLS/PAP configuration on Mac & iOS Devices for JumpCloud RADIUS clients" cited above.
- Open Apple Configurator 2 from your Applications Folder
- Click on Apple File Menu at the top of your screen and choose Open... and choose the existing profile
- Select Certificates from the left navigation
- Click + and select New Certificate
- Click on WiFi from the left navigation
- Click Trust
- Select the newly added certificate in addition to the exiting certificate
- Click on Apple File Menu at the top of your screen and choose Save
- Go to Profiles in System Preferences
- Click + to import the updated profile, select profile from step 8
These steps assume that you have a current RADIUS certificate in-place, following the steps outlined in "EAP-TTLS/PAP configuration on Windows 8/10 for JumpCloud RADIUS clients" cited above.
Import the JumpCloud RADIUS Certificate
- Select Start, type mmc, and then press ENTER
- On the File menu, select Add/Remove Snap-in
- Under Available snap-ins, select Certificates, and then select Add
- Select Local computer, and select Finish
- Select OK
- In the console tree, double-click Certificates
- Right-click the Trusted Root Certification Authorities store.
- Select All Tasks, select Import to import the certificate.
- Within the Certificate Import Wizard, select the newly updated RADIUS client certificate as advised by JumpCloud and select Next
- Choose to Place all certificates in the following store with a value of Trusted Root Certification Authorities
- Select Finish
certmgr.exe -add MyCert.cer -s -r localMachine root
Wireless Network Configuration
- Right-click the wireless network that was previously configured using EAP-TTLS/PAP configuration on Windows 8/10 for JumpCloud RADIUS clients and choose Properties
- Click the Security tab
- Click the Settings button next to authentication method.
- From the Trusted Root Certification Authorities, ensure that both the original radius.jumpcloud.com and the new imported certificate are selected
- Click the OK button.