Problem
Environment
- Chrome OS hostnames
- Local network filtering
Solution
For Chrome OS devices to work on a domain with TLS inspection (also known as SSL inspection), some hostnames need to be exempt from inspection. This is because certificates can only be imported at the user level and are only honored for user-level traffic. Some device-level traffic doesn’t use the TLS or SSL certificate to protect users against certain kinds of security risks.
To ensure that Chrome OS devices work with TLS inspection or networks restricting external traffic, you need to allow the hostnames listed in Set up a hostname allowlist on your proxy server. For details on how to allow hostnames, check with your web filter provider.