This document describes the configuration required on the ISE application to send SMS messages via the HTTP and HTTPS methods through Clickatell SMS gateways.
It is only possible to send SMS messages to ISE guest users using email or the HTTP GET method. The HTTP GET method introduces a security concern: the SMS text message is included as part of the HTTP request URL and can easily be intercepted by a man in the middle.
The more secure mechanisms for transmitting SMS messages via HTTP and HTTPS through ISE configuration, as compared to the HTTP GET option above, are not functional.
The Clickatell gateway does not support the HTTP / HTTPS POST method for including the SMS message as part of the message body. As a solution, the Clickatell REST API has now been employed to send SMS messages as the body of the HTTP POST request.
The implementation within ISE for transmitting SMS messages using HTTPS has now been fixed.
These fixes are available as part of these ISE releases and patches:
The ISE admin has to log in to the Clickatell SMS portal and set up a REST API, and the ID of that API has to be used when sending SMS messages over HTTP/S requests.
The values of mo=1 and x-version=1
The “From” phone number is provided by the Clickatell SMS two-way account (this type of account, and having a From number, is mandatory in the US region by law). Even in regions such as India, a From number must be used with one-way SMS (it can be obtained from the Clickatell SMS portal or by working with the Clickatell helpdesk). Using a “From” number incurs additional cost compared to sending a one-way SMS, but it is the recommended approach from a security and message credibility standpoint.
The “From” phone number can be entered on an ISE portal page either in the format (country-code)(phone number), e.g. 15556661212, or in the E.164 format, e.g. +15556661212.
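As an added illustration (not ISE or Clickatell code), the sketch below builds the same guest SMS as a GET and as a POST request and shows what the request line, the part that proxies and web servers normally log, reveals in each case; it also normalizes the two accepted “From” formats. The gateway host, paths and field names are placeholders assumed for the example.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

GATEWAY = "https://sms-gateway.example"  # placeholder host, not a real endpoint
SAMPLE_TEXT = "Guest login: jdoe / Passw0rd-42"  # constructed sample message


def normalize_from(number: str) -> str:
    """Accept 15556661212 or +15556661212 and return the E.164 form."""
    digits = number.strip()
    digits = digits[1:] if digits.startswith("+") else digits
    # E.164 numbers are digits only and at most 15 digits long.
    if not digits.isdigit() or len(digits) > 15:
        raise ValueError(f"not a usable From number: {number!r}")
    return "+" + digits


def build_get(to: str, sender: str, text: str) -> Request:
    # Assumed parameter names; the message text travels in the URL query.
    query = urlencode({"to": to, "from": normalize_from(sender), "text": text})
    return Request(f"{GATEWAY}/sendmsg?{query}", method="GET")


def build_post(to: str, sender: str, text: str) -> Request:
    # Assumed JSON layout; the message text travels in the request body.
    body = json.dumps({"to": [to], "from": normalize_from(sender), "text": text})
    return Request(f"{GATEWAY}/message", data=body.encode(),
                   headers={"Content-Type": "application/json"}, method="POST")


def request_line(req: Request) -> str:
    """The line a proxy or web server typically writes to its access log."""
    url = urlsplit(req.full_url)
    target = url.path + (f"?{url.query}" if url.query else "")
    return f"{req.get_method()} {target} HTTP/1.1"


def text_in_request_line(req: Request):
    """Return the SMS text recoverable from the request line alone, or None."""
    target = request_line(req).split(" ")[1]
    return parse_qs(urlsplit(target).query).get("text", [None])[0]


if __name__ == "__main__":
    for req in (build_get("15556660000", "15556661212", SAMPLE_TEXT),
                build_post("15556660000", "+15556661212", SAMPLE_TEXT)):
        print(request_line(req), "->", text_in_request_line(req))
```

With GET, the full message text is recoverable from the logged request line even when the transport is HTTPS; with POST, the request line carries only the path.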
Send SMS Using HTTPS GET Method
The ISE application already supports sending SMS messages to the Clickatell SMS gateway using the HTTP GET method. The configuration below is for the HTTPS GET method, where everything else remains the same as for HTTP GET except:
the Clickatell certificate has to be imported into the ISE certificate trust store
the URL starts with HTTPS
While importing the certificates:
We need to ensure that the serial number of the Thawte Primary Root CA that we have by default (in our trusted store) matches the serial number of api.clickatell.com’s Thawte Primary Root CA.
Thawte Primary Root CA issued certificates to Thawte SSL CA – G2 and also to Thawte SSL CA – G3 (G2 to api.clickatell.com and G3 to Clickatell.com). If we import G3, things fail because trust in the certificate chain breaks. It is mandatory to import the G2 certificate.
Finally, Clickatell uses a wildcard certificate (for all its services) rather than a regular certificate. We imported *.clickatell.com into the trusted chain of certificates as well.