Set up an HTTPS certificate authority

You’ll need to set up a certificate authority to manage networks and monitor traffic for your Chrome devices. It’s important to set up a certificate authority to ensure your users can access websites that have digital certificates that can be validated by a specific certificate authority. This should be done early during your deployment to ensure users can access websites without issues.

First, you’ll need to set up the certificate authority, and then you’ll need to verify the certificate authority on your Chrome devices. For instructions, please see the steps below.

Set up a certificate authority in your Admin console

  1. Sign in to the Google Admin console.
  2. Click Device management.
  3. On the left, click Networks.
  4. Click Certificates.
  5. (Optional) On the left, choose the organizational unit where you want to add the certificate.
    Note: The top-level organization is selected by default to give all users (including those in suborganizations) access to any added certificates.
  6. Click Add Certificate.
  7. Choose the certificate file to upload and click Open.
    Note: DER-encoded certificates are not supported. Chrome devices only accept PEM format.
  8. (Optional) If the certificate will be used as a root CA for a TLS or SSL-inspecting web filter or to allow the browser to validate the full digital certificate chain of servers, under Use as a Certificate Authority for the following check the appropriate OS box.
  9. Click Save and then Done to confirm.

Verify the certificate authority on managed Chrome devices

  1. Go to chrome://settings/certificates.
  2. Click Authorities.
  3. Scroll down to see the newly-added CAs.

CAs set up in your Admin console are highlighted as follows:

Certificate manager

Was this helpful?
How can we improve it?