Support Center

Updating RADIUS Certificates on Existing EAP-TTLS Client Systems

Additional configuration is necessary if opting to use EAP-TTLS/PAP authentication for wireless clients. JumpCloud recommends when possible to utilize PEAP for authentication, as no additional configuration is necessary with rare exceptions.  Please refer to Configuring your WiFi Clients to use JumpCloud RADIUS for additional information.
 



The current certificate expires on October 30th, 2017, and the new certificate will need to be added in addition to the existing to ensure end users remain unaffected.  The new certificate file may be downloaded here:

Cerificiate Download
MD5 Download

 

The certificate is required when EAP-TTLS/PAP is the selected authentication method, and may in some cases be necessary for PEAP clients as well.  As with all certificates, an expiration is designated for each certificate including JumpCloud's, and there may be scenarios where a newer certificate should be added for trust on the client system to avoid end user disruptions.  While it is mentioned that some PEAP clients may also require the certificate on the client system, in general this form of authentication can be used without applying the certificate to the client system or having to consider a certificate update.

 


If this is your first time configuring a client system for EAP-TTLS/PAP, please instead refer to the following documents for guidance on initial setup:

EAP-TTLS/PAP configuration on Windows 8/10 for JumpCloud RADIUS clients
EAP-TTLS/PAP configuration on Mac & iOS Devices for JumpCloud RADIUS clients


Mac Setup


These steps assume that you have a current RADIUS certificate in-place, following the steps outlined in "EAP-TTLS/PAP configuration on Mac & iOS Devices for JumpCloud RADIUS clients" cited above.
  1. Open Apple Configurator 2 from your Applications Folder
  2. Click on Apple File Menu at the top of your screen and choose Open... and choose the existing profile
  3. Select Certificates from the left navigation
  4. Click + and select New Certificate
  5. Click on WiFi from the left navigation
  6. Click Trust
  7. Select the newly added certificate in addition to the exiting certificate
  8. Click on Apple File Menu at the top of your screen and choose Save
  9. Go to Profiles in System Preferences
  10. Click + to import the updated profile, select profile from step 8
 

Windows Setup


These steps assume that you have a current RADIUS certificate in-place, following the steps outlined in "EAP-TTLS/PAP configuration on Windows 8/10 for JumpCloud RADIUS clients​" cited above.
 

Import the JumpCloud RADIUS Certificate

 
  1. Select Start, type mmc, and then press ENTER
  2. On the File menu, select Add/Remove Snap-in
  3. Under Available snap-ins, select Certificates, and then select Add
  4. Select Local computer, and select Finish
  5. Select OK
  6. In the console tree, double-click Certificates
  7. Right-click the Trusted Root Certification Authorities store.
  8. Select All Tasks, select Import to import the certificate.
  9. Within the Certificate Import Wizard, select the newly updated RADIUS client certificate as advised by JumpCloud and select Next
  10. Choose to Place all certificates in the following store with a value of Trusted Root Certification Authorities
  11. Select Finish
Alternatively, the certificate may be imported through command-line using the below example.  This may be used in conjunction with JumpCloud Commands to import the certificate to any systems which may have the JumpCloud Agent installed.

certmgr.exe -add MyCert.cer -s -r localMachine root
 

Wireless Network Configuration

 
  1. Right-click the wireless network that was previously configured using EAP-TTLS/PAP configuration on Windows 8/10 for JumpCloud RADIUS clients and choose Properties
  2. Click the Security tab
  3. Click the Settings button next to authentication method.
  4. From the Trusted Root Certification Authorities, ensure that both the original radius.jumpcloud.com and the new imported certificate are selected
  5. Click the OK button.
 

Last Updated: Oct 23, 2017 08:39AM MDT

Related Articles
desk-forwarding@jumpcloud.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete