Google Services Do Not Work in Chrome with SSL Decryption


Issue

With SSL Decryption configured on the Palo Alto Networks device, the following error appears when accessing a Google service from the Chrome web browser:

 

This is probably not the site you are looking for!

 


 

Cause

Google Chrome has a built-in mechanism for Google services (such as Gmail, Google Calendar, Google Drive, and even YouTube): connections to these services are denied if the appropriate certificate is not explicitly installed. Other websites work without any issues.

 

Resolution

When the root certificate is imported into "Trusted Root Certification Authorities" on the end user's machine, it turns off a flag in the Chrome web browser. Google services (Gmail, Google Calendar, Google Drive, and YouTube) are then accessible.
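
One way to script the import described above on a Windows client, as an added example that is not part of the original article or the vendor's own tooling. The file path and thumbprint are placeholders, the certificate is assumed to be the root exported from the firewall that performs SSL decryption, and the thumbprint comparison is an added safeguard so that only the certificate verified out of band ends up trusted:

```powershell
# Added example: import the decryption root certificate with sanity checks.
# Run from an elevated PowerShell prompt on the end user's machine.
param(
    # Hypothetical path to the root certificate exported from the firewall.
    [string]$CaFile = 'C:\Temp\decryption-root.cer',
    # Placeholder: thumbprint obtained out of band from the firewall administrator.
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-FIREWALL-ADMIN>'
)
$ErrorActionPreference = 'Stop'
$store = 'Cert:\LocalMachine\Root'   # "Trusted Root Certification Authorities"
$path  = (Resolve-Path -LiteralPath $CaFile).Path
$cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)

# 1. Only trust the exact certificate that was verified out of band.
#    Spaces and colons are stripped so a copied thumbprint compares cleanly.
$expected = $ExpectedThumbprint -replace '[\s:]', ''
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. It must be marked as a CA certificate and be inside its validity period.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not ($bc -and $bc.CertificateAuthority)) { throw 'Not a CA certificate.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 3. Import only if missing, then confirm the store really contains it.
$target = "$store\$($cert.Thumbprint)"
if (-not (Test-Path -LiteralPath $target)) {
    Import-Certificate -FilePath $path -CertStoreLocation $store | Out-Null
}
if (-not (Test-Path -LiteralPath $target)) { throw 'Import failed.' }
"Trusted root present: $($cert.Subject) [$($cert.Thumbprint)]"
```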

 


 

owner: hshah

Comments

Hey, thanks for the post; however, I've recently tried this with the beta version of Chrome and it doesn't work. Chrome consistently denies the connection to SSL-encrypted websites. Clear text sites are fine. Decryption works with IE. Any suggestions? Chrome version 37.0.2062.68 beta-m (64-bit).

If you haven't found a resolution yet, then check this article:

https://live.paloaltonetworks.com/docs/DOC-6868

Thanks JP, but based on the comment on that article, doesn't that expose the client machine to risks outside the organization? Would it be better to get a certificate signed by a trusted CA to enable decryption?

tajman

Thank you for the reply. When doing forward proxy decryption, certificates by trusted CAs aren't supported because they will not release the private key information to you. Because you are a proxy, you will need a private key to do so. I have attached a link in hopes of further explaining that process. The proxy will establish the SSL session with the SSL website, and the proxy will also establish SSL communication with the requester. See the link below and let me know if this further clarifies. Thanks, Tajman.

SSL Forward Proxy Decryption

SSL Forward Proxy (Man in the Middle)

Also, with Chrome, have you tried importing the certificate into the Trusted Root Authority for testing? When you import the certificate, it should allow you access.

tajman

Also note there is one particular version of Chrome where the SSL certificate import doesn't fix the issue. If you have imported the certificate and the issue is not resolved, then try updating Chrome.