I enabled deep inspection on my firewall for HTTPS connections using a company root CA. It is working well for all sites and browsers, but I found a strange behaviour in Google Chrome.

When I open the Google site using Chrome, the certificate is still issued by Google. When I open all other sites, the certificate is issued by my localCA.

If I open the Google site with all other browsers (Firefox, IE), the certificate is issued by my localCA as expected.

How can the Google Chrome application bypass deep inspection for the Google site only?

Tobia

1 Answer

Chrome official builds pin public certificates of Google properties. I think this overrides the usual behavior of private trust anchors. I don't know of a way to change this behavior in the official builds.

To test whether this is the case, try other similar browsers, perhaps Chromium or the new Chromium-based Edge. (Pinning could break stuff permanently, so it is only good for the auto-updating Chrome, and for 10 weeks after build date.)

John Mahowald