Planning your return to office strategy? See how Chrome OS can help.

Set up TLS (or SSL) inspection on Chrome devices

2) Set up certificates

After you allowlist the host names, import your TLS or SSL certificate into the Google Admin console as a Certificate Authority (CA). Then, you deploy the certificate to your Chrome devices so they can access your production network.

Notes:

  • Do this early during your deployment to ensure users can access websites without issues.
  • LDAP:// URI are not supported yet.
  • You can add up to 50 certificates in each organizational unit.

Set up TLS or SSL certificate as a CA

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices and on the left, click Networks.

    Requires having the Shared device settings administrator privilege.

  3. Go to Certificates.
  4. To apply the setting to all devices, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  5. Click Create certificate.
  6. For Certificate, enter a name for the certificate.
  7. Click Upload.
  8. Select the PEM, CRT, or CER file.
    Note: DER-encoded certificates are not supported.
  9. Click Open.
  10. For Certificate Authority, select the platforms that the certificate is a CA for.
  11. Click Add.

Deploy the certificate to Chrome devices

To deploy the certificate, use an open guest Wi-Fi network. Your Chrome devices will authenticate to Google and receive the TLS or SSL certificate. The pushed certificate will apply to all enrolled Chrome devices on the primary domain.

Tip: To drive users to switch to your filtered production network after the certificate is downloaded, you can limit the guest network by setting a session-time limit or by restricting access to the Internet. You can also redirect users to information explaining that they must change their Wi-Fi network.

Verify the CA on managed Chrome devices

  1. Go to chrome://settings.
  2. On the left, click Privacy and security.
  3. Click Security.
  4. Scroll to Advanced.
  5. Click Manage certificates.
  6. In the list, find the newly-added CAs.
Was this helpful?
How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
410864
false