Hi,
I have some questions about EAP-TLS authentication.
I understand that EAP-TLS provides mutual authentication between the wireless client and the RADIUS server. During authentication the server presents a certificate with a public key to the client. The client generates a premaster_secret, encrypts it with the public key in the server certificate and transmits it to the server. The server decrypts the premaster_secret with its private key. Then the server and the client convert the premaster_secret into a master_secret. My questions are:
How is the session key generated from the master secret by the server and the client?
How is authentication performed with the certificate? I know the server sends its certificate and the client sends its certificate. But how do they prove their identity? For the authentication, is it necessary that the certificate has a signature key?
Your help will be appreciated.