This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ Log in to ask a question

[Action Required] Review hostname exemptions requirements for TLS inspection for ChromeOS starting F

panderson
Contributor III

‎01-18-2024 06:23 AM

Can anyone tell me more about this email (assuming others have gotten it)?  I am not sure what exactly it is for or what we have to do.  Do we need to add the addresses to our filter exclusion list so they bypass filtering?  The link brings you to a page that has a bunch of steps, adding certificates to devices, etc.  Does anyone have more information on this?  reading through everything I think I am beginning to understand it, but right now I feel like I know just enough to be dangerous 🙄

0 Kudos
Reply
4 REPLIES 4

Bill_Gibson
Contributor III

‎01-18-2024 06:45 AM

Link: https://support.google.com/chrome/a/answer/6334001
E-Mail:

Dear EDU Administrator,

We are writing to let you know that starting February 2024, managed users may be unable to log-in to ChromeOS within your network following an upgrade to our sign-in infrastructure, unless you allowlist relevant hostnames.

What does this mean for your organization?

For users to work on ChromeOS devices in an enterprise network environment that utilizes TLS inspection (also known as SSL inspection), some hostnames need to be exempt from inspection, as explained in this support article.

What do you need to do?

Review and confirm that www.gstatic.com and ssl.gstatic.com are allowed in your enterprise network and exempt from TLS inspection. If these hostnames are not allowlisted, users may be unable to sign-in to their Chromebooks when connected to your enterprise network.

On February 16, 2024, the Google Team will begin an infrastructure migration that would require these hostnames.

Thanks for choosing Google for Education.

– The Google Chrome Team

Reply

panderson
Contributor III
In response to Bill_Gibson

‎01-18-2024 07:06 AM

Yea, this is the email that was confusing me.

0 Kudos
Reply

Kim_Nilsson
Admin Moderator

‎01-18-2024 06:48 AM

Talk to your network admin.

If your firewall does TLS Inspection, then you need to exclude ALL Google's addresses listed in the support article.

https://support.google.com/chrome/a/answer/6334001

 

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Kim_Nilsson
Admin Moderator

‎01-18-2024 06:49 AM

So, the solution is to NOT do TLS Inspection of the hosts listed in the article.

--
https://wheretofind.me/@NoSubstitute
Reply
  • © 2023 Google. All rights reserved.
  • Privacy Policy
  • Terms of Service
  • Community Guidelines