Chrome Browser No Longer Allowing SSL Inspection Cert for Google.com

We are a K-12 school district use SSL inspection on our firewall (fortigate) to see search keywords. Users primarily use Chrome browser. We also have a lot of Chromebooks.

I first noticed that when going to google.com the Chromebooks no longer allowed the firewall cert to be inserted, only the usual *.google.com. Go to other websites and the firewall cert is inserted. I thought this might be a new Chromebook issue.

Now I see it also on desktop Chrome browser. It is also not inserting the firewall cert at google.com but only the wildcard *.google.com cert. If I go to bing.com on the Chrome browser the firewall cert is inserted. Anyone else experiencing this issue or know what I should do.

This is tremendously frustrating because we must be able to log key search words for safety and security reasons.
A MartIT ConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kyle SantosCustomer RelationsCommented:
Hi,

I am here to help you with your open question.  Do you still need help?  I have the ability to alert more experts if you still need help.

If you solved the problem on your own, would you please post the solution here in case others have the same problem?

If you need me to delete this question just say "Delete."

Thank you for using Experts Exchange.

Regards,

Kyle Santos
Customer Relations
0
A MartIT ConsultantAuthor Commented:
The solution is to block Google QUIC UDP 443. Since QUIC uses UDP, the firewall is not able to do SSL inspection since it can only inspect TCP. By disabling QUIC, the browser automatically switches over to TCP, allowing the firewall to see the traffic, insert its own cert and allow the traffic to be seen.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ssl cert

From novice to tech pro — start learning today.