Note: Labels for fields and buttons, and how screens are organized may differ slightly from device to device, depending on the version of Android you are running. 

Part A - Install the Root and Intermediate CA certificates

1. Download the CA files to your device:

• Root CA (must be installed)
  Download link:
  Sectigo Public Server Authentication Root R46
  Save to your Downloads and rename .crt if needed.
• Intermediate CA (may be required if the RADIUS server does not provide it)
  Download link:
  Sectigo Public Server Authentication CA OV R36
  Save to Downloads and rename to .crt if needed.
  
  2. Open the certificate installer.
  
• On Android 11:
  Settings → Security → Advanced → Encryption & credentials → Install a certificate → CA certificate
• On Android 12/14:
  Settings → Security & privacy → More security settings → Encryption & credentials → Install a certificate → CA certificate 
  
  Both Root and Intermediate can be installed as CA certificates. Android 11/12/14 typically only needs the Root. If you have additional problems with authentication, installing the Intermediate as well can fix cases where the server does not present the full chain. 

3. Install the certificates

• Select each .crt file in turn, name them clearly (e.g., UofT Root R46 and UofT Intermediate R36).
• Confirm installation.
• Optional: Verify under Settings → Security → Encryption & credentials → Trusted credentials → User that both are listed. 
  
  

Part B - Re-add the UofT Wi-Fi profile

1. Forget your previous UofT networks.

• Go to Settings -> Network & internet -> Internet -. UofT-> Forget.
  
  2. Connect to UofT with these exact settings:
  
  
  • In Identity, type your UTORid OR UTORid@utoronto.ca 
  • In Password, type your UTORid password
  • For CA certificate choose Use system certificate
    
  • For online certificate status, choose Do not validate OR Request certificate status
  • For Domain, type utoronto.ca 
  • For anonymous identity, leave it blank.
  • For EAP method, it should be PEAP
  • For Minimum TLS version, choose TLSv1.2
  • For Phase 2 authentication, it should be MSCHAPV2
    
    
    
    
    
    
•  Click Connect.