3) Verify TLS (or SSL) inspection works (2024)

Table of Contents
Set up TLS (or SSL) inspection on Chrome devices Before you begin Verify TLS (or SSL) inspection is working TLS inspection isn't working Verify hostname allowlist is working Sample command and output: Need more help? Try these next steps: Set up TLS (or SSL) inspection on Chrome devices

Set up TLS (or SSL) inspection on Chrome devices

Before you begin

  • Users need to sign in with an account in the domain that the device is enrolled in. For example, if the device is enrolled in the school.edu domain, the user needs to sign in with an account that uses the domain, such as user@school.edu.
  • If you have secondary Google Workspacedomain that is managed under a primary domain and the user account is in the secondary domain, you need to enroll the device in the secondary domain. The device’s enrollment domain and signed-in user’s domain must match for the pushed certificate to work.

Verify TLS (or SSL) inspection is working

  1. Sign in to a ChromeOS device with a user account in the domain where the certificate was applied.
  2. Go to a site where TLS inspection is applied by your web filter.

  3. Verify the building icon is in the address bar. Click it to see details about permissions and the connection.

    3) Verify TLS (or SSL) inspection works (1)

  4. (Optional) To see details about the certificate, click Certificate information.

    3) Verify TLS (or SSL) inspection works (2)

    See Also
    Enable Transport Layer Security (TLS) 1.2 overview - Configuration ManagerHow to enable Transport Layer Security (TLS) 1.2 on clients - Configuration Manager

TLS inspection isn't working

If TLS inspection isn't working, check if any certificates were manually installed on the device. Manually installed certificates might conflict with certificates that are deployed from your Admin console. Contact your web filter provider for advice on an alternative setup.

Verify hostname allowlist is working

1) Boot up and sign in to your Chromebook or login as guest.

2) Use the keyboard shortcut Ctrl + Alt + T to open the Crosh terminal in your browser.

3) Type:

network_diag --hosts

or, if you use a HTTP proxy:

network_diag --hosts --proxy http://192.168.1.1:8888

where http://192.168.1.1:8888 is the hostname and port of your HTTP proxy.

4) The command will attempt a TLS connection to each of the hosts in the allowlist and report PASS / FAIL. If all hosts are not passing, check your firewall / proxy to confirm the host is on the allowlist.

Sample command and output:

crosh> network_diag --hosts

checking accounts.google.com... PASS

checking accounts.gstatic.com... PASS

checking accounts.youtube.com... PASS

Was this helpful?

How can we improve it?

3) Verify TLS (or SSL) inspection works (2024)
Top Articles
The Best Rebate & Cash-Back Apps in 2023
$5,000 Invested in These 3 Stocks Should Make You a Fortune Over the Next 10 Years | The Motley Fool
A Man Called Otto Showtimes Near Showbiz Cinemas Baytown
2002 Subaru Outback LL Bean Edition for sale - Denver, CO - craigslist
Latest Posts
How To Start A Money Making Blog In 2019: Build A Profitable Blog
Travel Credit Cards | Two Wandering Soles
Article information

Author: Neely Ledner

Last Updated:

Views: 5374

Rating: 4.1 / 5 (42 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: Neely Ledner

Birthday: 1998-06-09

Address: 443 Barrows Terrace, New Jodyberg, CO 57462-5329

Phone: +2433516856029

Job: Central Legal Facilitator

Hobby: Backpacking, Jogging, Magic, Driving, Macrame, Embroidery, Foraging

Introduction: My name is Neely Ledner, I am a bright, determined, beautiful, adventurous, adventurous, spotless, calm person who loves writing and wants to share my knowledge and understanding with you.