SSL Inspector/Captive Portal Ignore Rules for Chromebooks

When using Chromebooks on a network with SSL Inspector configured to "Inspect All Traffic" or "Inspect Google Traffic", you will need Ignore Rules to allow the Chromebooks to authenticate.


As of (March 30th, 2018) you will need rules for the following hosts:

accounts.google.com *gvt1.com
accounts.google.[country] gweb-gettingstartedguide.appspot.com
accounts.gstatic.com m.google.com
accounts.youtube.com omahaproxy.appspot.com
alt*.gstatic.com pack.google.com
chromeos-ca.gstatic.com policies.google.com
clients*.google.com safebrowsing*.google.com
commondatastorage.googleapis.com ssl.gstatic.com
cros-omahaproxy.appspot.com storage.googleapis.com
dl.google.com tools.google.com
dl-ssl.google.com www.googleapis.com
  www.gstatic.com

 

PLEASE NOTE: Google is known to change these addresses without warning.

 

To add the rules go to SSL Inspector Settings -> Rules -> Add Rule

The rule conditions should be "SSL: SNI Hostname" is: "<host>" and the Action should be "Ignore"

 

For example:

Follow
Was this article helpful?
1 out of 3 found this helpful
Have more questions? Submit a request

Comments

5 comments

Please sign in to leave a comment.

  • Avatar
    Adam Smith

    Did you find it unnecessary to include the dozen or so other URLs Google has as part of their white list in the instructions for SSL in your own white list?

  • Avatar
    Jaymes Driver

    I broke down and added all these sites to my allow list.

    I will test further if time allows but we are currently in a testing phase of some new hardware and we are unsure if this solution will best fit us.

  • Avatar
    Chris C

    No, Adam. We did our own testing and found that we could get it functioning with only this short list. Adding more may be required going forward but not at the time of testing.

  • Avatar
    Darrell

    This list is almost 2 years old, is it still accurate?

  • Avatar
    Collen Knickerbocker

    Darrell,
    Yes this article is still accurate. It is a living document that support updates as Google changes URL's.

Powered by Zendesk