Chrome Browser No Longer Allowing SSL Inspection Cert for Google.com

A Mart
A Mart used Ask the Experts™
on
We are a K-12 school district use SSL inspection on our firewall (fortigate) to see search keywords. Users primarily use Chrome browser. We also have a lot of Chromebooks.

I first noticed that when going to google.com the Chromebooks no longer allowed the firewall cert to be inserted, only the usual *.google.com. Go to other websites and the firewall cert is inserted. I thought this might be a new Chromebook issue.

Now I see it also on desktop Chrome browser. It is also not inserting the firewall cert at google.com but only the wildcard *.google.com cert. If I go to bing.com on the Chrome browser the firewall cert is inserted. Anyone else experiencing this issue or know what I should do.

This is tremendously frustrating because we must be able to log key search words for safety and security reasons.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Kyle SantosSoftware Test Analyst I at Dassault Systemes

Commented:
Hi,

I am here to help you with your open question.  Do you still need help?  I have the ability to alert more experts if you still need help.

If you solved the problem on your own, would you please post the solution here in case others have the same problem?

If you need me to delete this question just say "Delete."

Thank you for using Experts Exchange.

Regards,

Kyle Santos
Customer Relations
IT Consultant
Commented:
The solution is to block Google QUIC UDP 443. Since QUIC uses UDP, the firewall is not able to do SSL inspection since it can only inspect TCP. By disabling QUIC, the browser automatically switches over to TCP, allowing the firewall to see the traffic, insert its own cert and allow the traffic to be seen.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial