[IMPORTANT] Please note that this site will be disabled on October 31. In it's place, the new JumpCloud Help Center is live! Check it out here!

Support Center

EAP-TTLS/PAP configuration on Windows 8/10 for JumpCloud RADIUS clients

Additional configuration is necessary if opting to use EAP-TTLS/PAP authentication for wireless clients. JumpCloud recommends when possible to utilize PEAP for authentication, as no additional configuration is necessary with rare exceptions.  Please refer to Configuring your WiFi Clients to use JumpCloud RADIUS for additional information.


For Windows 8 and above, this protocol is natively supported. Other operating systems may also have native support or may require a third party supplicant.

Download the JumpCloud RADIUS Certificate

In order for Windows to trust JumpCloud's RADIUS servers, a certificate must be installed on each client system being configured for access.  Download the JumpCloud RADIUS certificate here.

Import the JumpCloud RADIUS Certificate

  1. Select Start, type mmc, and then press ENTER
  2. On the File menu, select Add/Remove Snap-in
  3. Under Available snap-ins, select Certificates, and then select Add
  4. Select Local computer, and select Finish
  5. Select OK
  6. In the console tree, double-click Certificates
  7. Right-click the Trusted Root Certification Authorities store.
  8. Select All Tasks, select Import to import the certificate.
  9. Within the Certificate Import Wizard, select the file download above and select Next
  10. Choose to Place all certificates in the following store with a value of Trusted Root Certification Authorities
  11. Select Finish

Wireless Network Configuration

  1. Right-click the wireless icon in your task bar, and click Open Network and Sharing Center
  2. Click Set up a new connection or network
  3. Click Manually connect to a wireless network and click the Next button
  4. Populate the following:
  5. Network name: SSID name configured on the WAP/Router device
  6. Security Type: WPA2-Enterprise
  7. Encryption Type: AES
  8. Security Key: <blank>
  9. Note: Check Connect even if the network is not broadcasting if not broadcasting the RADIUS SSID
  10. Click the Next button
  11. On the Successfully added screen, click Change connection settings
  12. Click the Security tab
  13. Click the Choose a network authentication method: dropdown and select Microsoft: EAP-TTLS
  14. Click the Settings button next to authentication method.
  15. Ensure that Unencrypted password (PAP) is chosen for Select a non-EAP method for authentication
  16. From the Trusted Root Certification Authorities, choose radius.jumpcloud.com
  17. Click the OK button.
  18. (Optional for not having to supply credentials) Back on the Windows Properties window, click the Advanced settings button
  19. Choose User authentication from the authentication mode drop-down
  20. Click Save credentials which will allow you to input username and password.

Removing Wireless Network Configuration

If you choose to utilize PEAP for authentication instead of EAP-TTLS/PAP, or are possibly looking to remove the service, you will be required to delete the existing wireless connection.  After the connection has been successfully removed you may again connect to your WAP or Router device using non-EAP-TTLS methods.  No additional configuration is required for PEAP with JumpCloud RADIUS, so with the old profile removed the user may connect to networking device normally.
  1. Click the Network icon on the lower right corner of your screen
  2. Click Network settings
  3. Click Manage Wi-Fi settings
  4. Under Manage known networks, click the network you want to delete
  5. Click Forget. The wireless network profile is deleted

Last Updated: Oct 20, 2017 04:48PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found