Distribute a certificate to Chrome devices

Complete this procedure to enable SSL inspection and distribute certificates across Chrome devices in your network.

How to

  1. Add specific hostnames to exception lists in Enterprise Threat Protector:
    1. In the ETP navigation menu, select Configuration > Lists. Click the plus sign icon.
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Policies > Lists. Click the icon.
    2. Select New Custom Exception List.
    3. Add these domains to the list and click Save:
      • accounts.google.com
      • accounts.google.[country]

        where [country] is the top-level domain for the country.

      • accounts.gstatic.com
      • accounts.youtube.com
      • alt*.gstatic.com2
      • clients1.google.com
      • clients2.google.com
      • clients3.google.com
      • clients4.google.com
      • commondatastorage.googleapis.com
      • cros-omahaproxy.appspot.com
      • dl.google.com
      • dl-ssl.google.com
      • gweb-gettingstartedguide.appspot.com
      • m.google.com
      • omahaproxy.appspot.com
      • pack.google.com
      • policies.google.com
      • safebrowsing-cache.google.com
      • safebrowsing.google.com
      • ssl.gstatic.com
      • storage.googleapis.com
      • tools.google.com
      • www.googleapis.com
      • www.gstatic.com
  2. Import the certificate into the Google Admin Console:
    1. In the Google Admin Console, click Device management.
    2. In the left navigation menu, click Network.
    3. Click Certificates and then click Add Certificate.
    4. Upload the certificate (.pem) file.
    5. Select Use this certificate as an HTTPS certificate authority.
    6. Click Save and then click Done. The certificate is pushed to Chrome devices.

Next steps

  1. Verify that the CA for the certificate is now on Chrome devices:
    1. In the browser address bar, go to chrome://settings/certificates.
    2. Click Authorities.
    3. Locate the CA for the certificate you added.
  2. Verify SSL inspection works properly:
    1. With a Chrome device that now contains the certificate, go to a website where SSL inspection is allowed.
    2. In the address bar, click the building icon to view connection information.