SSL Inspection for Chromebooks

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

SSL Inspection for Chromebooks

L3 Networker

I was having some trouble with SSL decryption on my chromebooks and after a bit of Google searching I came across this Google article and I wanted to share with others since there was nothing like this in the community. If I didn't exclude these when my chromebook booted I would just end up with a blank box and you could not login or anything. You only option was to power off. This fixed my problems.

 

https://support.google.com/chrome/a/answer/6334001

 

For Chrome devices to work on a domain with SSL inspection, some host names need to be exempt from inspection. This is because certificates can only be imported at the user level and are only honored for user-level traffic. Some device-level traffic doesn’t use the SSL certificate to protect users against certain kinds of security risks.

To ensure that Chrome devices work with SSL inspection, you need to whitelist the following host names on your proxy server. For details on how to whitelist host names, check with your web filter provider.

Updates

  • Dec 2 2015: Added host names to whitelist for single-app kiosk devices.
  • Aug 5 2015: Added accounts.gstatic.com.

Host name whitelist for all Chrome devices

accounts.google.com
accounts.gstatic.com
accounts.youtube.com
clients1.google.com
clients2.google.com
clients3.google.com
clients4.google.com
commondatastorage.googleapis.com
cros-omahaproxy.appspot.com
dl.google.com
dl-ssl.google.com
gweb-gettingstartedguide.appspot.com
m.google.com
omahaproxy.appspot.com
pack.google.com
safebrowsing-cache.google.com
safebrowsing.google.com
ssl.gstatic.com
storage.googleapis.com
tools.google.com
www.googleapis.com
www.gstatic.com

Host name whitelist for single-app kiosk devices

If you use single-app kiosk devices, whitelist the following host names in addition to the host names listed above:

cache.pack.google.com
chrome.google.com
clients2.googleusercontent.com
lh3.ggpht.com
lh4.ggpht.com
lh5.ggpht.com
lh6.ggpht.com

-Brad
2 REPLIES 2

L1 Bithead

HI Mr. Bbilut,

 

 

I'm also having this issues with my chrome book.Is it this solution works for you..If its work, can you guide me how to whitelisted all the hostname whitelist for all chrome device? I'm still a new in Paloalto Firewall.. My chrome book also managed by organization for your information

 

Host name whitelist for all Chrome devices

accounts.google.com
accounts.gstatic.com
accounts.youtube.com
clients1.google.com
clients2.google.com
clients3.google.com
clients4.google.com
commondatastorage.googleapis.com
cros-omahaproxy.appspot.com
dl.google.com
dl-ssl.google.com
gweb-gettingstartedguide.appspot.com
m.google.com
omahaproxy.appspot.com
pack.google.com
safebrowsing-cache.google.com
safebrowsing.google.com
ssl.gstatic.com
storage.googleapis.com
tools.google.com
www.googleapis.com
www.gstatic.com

Host name whitelist for single-app kiosk devices

If you use single-app kiosk devices, whitelist the following host names in addition to the host names listed above:

cache.pack.google.com
chrome.google.com
clients2.googleusercontent.com
lh3.ggpht.com
lh4.ggpht.com
lh5.ggpht.com
lh6.ggpht.com

L1 Bithead

same issue here - I have noticed that a reboot typically resolves it but not before people come and say that they can't login. 

 

 

  • 5788 Views
  • 2 replies
  • 6 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!