Windows – TTLS + PAP

Windows – TTLS + PAP

To use EAP-TTLS / PAP requires the use of an 802.1X supplicant.

The following Operating Systems all include 802.1X supplicants and support EAPTTLS and PAP:

  • Apple, iOS version 3.1.3 and higher and MAC OS
  • Android v2.1 and higher and Google Chrome OS (for Chromebooks)
  • Microsoft Windows v7+ (note: Windows Mobile does not support EAP-TTLS, v8+ supports in default installation – lower only with extra software/drivers)
  • Blackberry 6A+

You can use our Profile Generator to automate user supplicant configuration (ie: iOS Profiles).


Right click on the Wlan Symbol >> Open Network and Sharing Center

Windows 10 TTLS+PAP Step 1

Click on Set up a new connection or network
Windows 10 TTLS+PAP Step 2Click on Manually connect to a wireless network
Windows 10 TTLS+PAP Step 3

Enter your Network name, select WPA2-Enterprise Security Type and AES as Encryption type. Select check-box Start this connection automatically and click Next.
Windows 10 TTLS+PAP Step 4


Click on Change connection settings
Windows 10 TTLS+PAP Step 5

Select check-box Connect automatically when this network is in range

Windows 10 TTLS+PAP Step 6

In tab Security, make sure to have Security type WPA2-Enterprise, Encryption type AES, Network authentication protocol Microsoft: EAP-TTLS, then click on Settings

If you dont see “Microsoft: EAP-TTLS” try with any other EAP-TTLS¬†(for example Intel: EAP-TTLS).
Windows 10 TTLS+PAP Step 7

Unselect check-box Enable identity privacy and make sure to have Unencrypted password (PAP) selected as Client authentication. Click OK to close the window.
Windows 10 TTLS+PAP Step 8


Click on Advanced settings and select Specify authentication mode check-box. Select User or computer authentication and click OK.
Windows 10 TTLS+PAP Step 9

Select your new connection and click Connect.
Windows 10 TTLS+PAP Step 10


Review certificate details and make sure the Server thumbprint is EE 40 43 C7 0F 33 03 2D C9 B1 A6 F2 81 49 0A 0F 30 CA EC 87. Then click Connect button.

Sometimes occurs problems with trying while having domain/server/certifikate verification enabled. If you cannot connect, try with disabled these security features.
Windows 10 TTLS+PAP Step 11

Enter your Google Apps credentials and click OK.

Username must be in format:! Anything else still breaks connection functionality. If you still cannot connect, verify if that user IS CREATED on server side on your account on console. Otherwise will wont work.

Dont enter domain! (Entering domain will break connection functionality). 
Windows 10 TTLS+PAP Step 12

If successful, you will see Connected status below your network name.

Windows 10 TTLS+PAP Step 14