How to Connect to Wi-Fi Using TTLS + PAP on Chromebook

TTLS + PAP is a secure Wi-Fi authentication method that tunnels credentials inside a TLS connection. Chromebooks support this configuration natively, making it suitable for enterprise and campus deployments.

Step-by-Step Instructions

1. Open Wi-Fi Settings

1. Click the clock (bottom-right corner of the screen).
2. Click the Wi-Fi icon to open available networks.
3. Select your enterprise Wi-Fi network or click Join other network.

2. Configure EAP-TTLS + PAP

Fill in the fields as follows:

• Security: WPA2-Enterprise
• EAP Method: TTLS
• Phase 2 Authentication: PAP
• Server CA Certificate:
  • Select your institution's or company's root certificate
  • Or choose Do not check (not secure)
• Domain: (Optional but recommended, radius.ironwifi.com)
• Identity (Username): Your login username (e.g., user@example.com)
• Anonymous Identity: Optional, e.g., anonymous@example.com
• Password: Your network password

Once all fields are filled in, click Connect.

Troubleshooting Tips

• Verify that your identity and password are correct and not expired.
• If the CA certificate is required, get it from your IT administrator.
• Ensure that the RADIUS server’s certificate includes the domain specified in the “Domain” field.
• Try restarting your Chromebook after a failed connection attempt.

Security Note

While PAP is a weak authentication method on its own, when used inside a TTLS tunnel with proper certificate validation, it is secure. Avoid using Do not check for CA certificates unless you are in a test environment.