Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Chrome OS no longer able to manually import Root CA Certificate

Tried to add a certificate to an unmanaged Chromebook device with latest Chrome OS version (someone brought in their own device). Followed the steps as we have used for years. Download the CRT file and open Chrome Security settings and under manager certificates chose Import and selected our CRT file we have been using forever. Chrome OS says file type unsupported and does not let us continue. This same file is pushed out via our managed devices and works fine. I then updated one our managed Chromebook to the latest version and get he same message. Not sure if Google updated and broke something. Anyone else have this issue and possibly a fix?



This thread was automatically locked due to age.
Parents
  •  ,

    You've mention that it only impacts after upgrading Chrome OS, please confirm at that time SFOS is from same version. If it is true then chances are high that it is due to Chrome OS.

    Can you provide that CRT file so we can confirm? Because Chrome OS does not support DER format certificate.

  • The format is a .crt file. This used to work and was our default process for devices not part of our Google assets. We could manually import the certificate authority and it would allow it. Now it says, for the same file we've used for years and is still valid, file type not supported. I never thought it was Sophos causing the issue. I'm almost certain it is a Google change that is causing it. I was looking to see if anyone else was having the issue and if possibly there was fix or workaround. I can still assign the .crt file to be pushed out to managed devices and it works, just can't do it locally on the ChromeOS device.

Reply
  • The format is a .crt file. This used to work and was our default process for devices not part of our Google assets. We could manually import the certificate authority and it would allow it. Now it says, for the same file we've used for years and is still valid, file type not supported. I never thought it was Sophos causing the issue. I'm almost certain it is a Google change that is causing it. I was looking to see if anyone else was having the issue and if possibly there was fix or workaround. I can still assign the .crt file to be pushed out to managed devices and it works, just can't do it locally on the ChromeOS device.

Children