Wireless mesh network (WMN) consists of two parts: mesh access points which are relatively static and energy-rich devices, and mesh clients which are relatively dynamic and power constrained. In this paper, we present a new model for WMN end-to-end security which divides authentication process into two phases: Mesh Access Point which is based on asymmetric cryptography and Mesh Client which is based on a server-side certificate such as EAP-TTLS.