Chrome OS Demo: How to manage client certificates on Chrome OS devices

Aug 24, 2023

Chrome OS Demo: How to manage client certificates on Chrome OS devices

In this demo you will learn how to configure a SCEP profile in the Google Admin console and provision certificates to manage Chrome OS devices.

These days many organizations require certificate based authentication for a secure connection to corporate resources. The Simple Certificate Enrollment Protocol (SCEP) allows for managed devices to automatically obtain user, or device certificates and use these certificates for authentication. Chrome OS now officially supports the SCEP protocol, dynamically provisioning user or device certificates onto a Chrome OS device – such as a Chromebook or Chromebox.

To learn more, visit the help center:
https://support.google.com/chrome/a/a…

To sign up for a free trial of Chrome Enterprise Upgrade visit:
https://chromeenterprise.google/os/up…\”

Content

1.25 -> [Music]

5.92 -> these days many organizations require

8.4 -> certificate-based authentication for a

10.4 -> secure connection to corporate resources

12.96 -> the simple certificate enrollment

14.559 -> protocol skep allows for managed devices

17.359 -> to automatically obtain user or device

19.6 -> certificates and use these certificates

21.76 -> for authentication chrome os now

24.16 -> officially supports the skep protocol

26.48 -> dynamically provisioning user or device

28.64 -> certificates onto chrome os devices such

31.039 -> as a chromebook or chromebox

33.6 -> in this demo you will learn how to

35.2 -> configure a skep profile in the admin

37.36 -> console and provision certificates to

39.44 -> manage chrome os devices

42.32 -> from the google admin home page click on

44.48 -> devices then networks choose the ou

47.44 -> you'd like to deploy the scap in

49.6 -> upload your organization certificates to

51.76 -> the certificate section click create

53.92 -> certificate give a name and upload the

56.48 -> certificate

59.28 -> [Music]

63.76 -> click chromebook in the certificate

65.439 -> authority box

72.799 -> click create skep profile

75.68 -> fill in a skep profile name

78.24 -> select the fully distinguished name

80.24 -> option

81.36 -> in the common name enter a user email as

83.6 -> a parameter

84.799 -> optionally fill in the other field that

86.479 -> matches your organization's skep setup

90.799 -> under the subject alternative name based

92.799 -> on your skep configuration you can

94.72 -> either add a custom field or select

96.64 -> email

97.84 -> scroll down to the skep server

99.52 -> attributes section and populate the skep

101.68 -> server url with your skep server address

104.799 -> in the same section under extended key

107.2 -> usage pick client and or server

109.6 -> authentication

111.28 -> you'd likely also require a static

113.119 -> challenge type in the next field

116.079 -> enter the certificate template name for

117.84 -> your skep

119.439 -> select the ca certificate uploaded in

121.68 -> step 4 and enable wi-fi

124.96 -> choose the chromebook user or device

126.799 -> certificate option this will determine

128.959 -> if the certificate is issued to the user

130.959 -> or to the device

132.48 -> in our case we will use the user

134.16 -> identity

135.2 -> save the skep profile

138.319 -> in the devices network section click

140.8 -> create wi-fi network

142.879 -> pick chromebooks by user as we

144.64 -> configured user id based skep here

148.879 -> populate the network name and the ssid

151.36 -> and check automatically connect

156.56 -> choose

157.56 -> 802.1x in the security type with eap-tls

162.879 -> set the username to login underscore

165.28 -> ideas parameter

167.2 -> choose the root cert and skep profile we

169.44 -> just created

170.959 -> finally save the network

174.89 -> [Music]

176.48 -> back on the main skep page click the

178.319 -> download connector

180.4 -> download the three files

185.92 -> complete the connector installation

187.599 -> inside your organization where it can

189.519 -> access the certificate server

192.64 -> to learn more visit the google chrome

194.879 -> help center

196.24 -> [Music]

201.28 -> you

Source: https://www.youtube.com/watch?v=LLnGGIwRc1U