Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member



I have some question about the EPA-TLS Authentication.

I understand that EAP-TLS provides mutual-authentication between the client wireless and the server RADIUS. During authentication the server presents a certificate with a public key to the client. The client generate a premaster_secret, encrypted it with the public key in the server certificate and transmitted it to the server. The server decrypted the premaster_secret with his private key. Then the server and the client convert the premaster_secret in a master_secret. My questions are:

How is generate the session key from the master secret, by the server and the client?

How is performed authentication with the certificate. I know the server send his certificate and the client send his certificate. But how they prove their identity? For the authentication is necessary that the certificate has a signature key?

You help will be appreciated.



Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center ( or speak with a TAC engineer. You can open a TAC case online at

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

CreatePlease login to create content