For Chrome devices to work on a domain with SSL inspection, some host names need to be exempt from inspection. This is because certificates can only be imported at the user level and are only honored for user-level traffic. Some device-level traffic doesn’t use the SSL certificate to protect users against certain kinds of security risks.
To ensure that Chrome devices work with SSL inspection, you need to whitelist the following host names on your proxy server. For details on how to whitelist host names, check with your web filter provider.
accounts.google.com
accounts.gstatic.com
accounts.youtube.com
clients1.google.com
clients2.google.com
clients3.google.com
clients4.google.com
commondatastorage.googleapis.com
cros-omahaproxy.appspot.com
dl.google.com
dl-ssl.google.com
gweb-gettingstartedguide.appspot.com
m.google.com
omahaproxy.appspot.com
pack.google.com
safebrowsing-cache.google.com
safebrowsing.google.com
ssl.gstatic.com
storage.googleapis.com
tools.google.com
chrome.google.com
clients2.googleusercontent.com
lh3.ggpht.com
lh4.ggpht.com
lh5.ggpht.com
lh6.ggpht.com
mtalk.google.com
connectivitycheck.android.com
Here is the URL that contains this information https://support.google.com/chrome/a/answer/6334001?hl=en&ref_topic=3504941
Comments
Please sign in to leave a comment.