Transport Layer Security (TLS) inspection (also known as SSL inspection) is a security feature provided by third-party web filters. It allows you to set up your web filter to detect online threats.
Tip: Set up TLS inspection early during your deployment to ensure users can access websites without issues.
Before you start
To set up TLS inspection, keep in mind:
- You need an TLS or SSL certificate from your web filter provider. Check with your provider to get the certificate. DER-encoded certificates are not supported. ChromeOS devices only accept PEM format. For popular providers, see Configure ChromeOS devices with Zscaler and how to configure Chromebooks with Barracuda.
- Web traffic should be sent to your web filter via a proxy connection. Transparent, or in-line, proxies are not supported. If you have to use one, you can allowlist *.google.com to allow all google.com requests to go through without TLS interception. However, this is an unsupported configuration. For more information, see About transparent proxies.
- Server Name Indication (SNI) is not currently supported. However, there is an open request for this feature.
- Users can’t use multiple sign-in access if TLS inspection is enabled.
