HTTPS inspection exceptions for Google / Chromebooks / Play store
If you're on a network where you use deep HTTPS inspection you'll likely find some Google services do not operate correctly. I've found they don't like being inspected (I'm guessing Chrome / ChromeOS checks for a known certificate, and dislikes the SSL inspection MiTM cert) so here's a list of required exceptions. Chromebooks may also not allow a user to sign in for the first time, and installing Android apps from the Play store may also fail without these.
It took a lot of searching online and in my logs to find these, so hopefully they'll help you. Note - these may not all be needed but I sadly don't have time to pin point each one. I've listed some explicitly, despite them being included in wildcard domains.
- *.ggpht.com
- *.google.com
- *.googleapis.com
- *.googleusercontent.com
- *.gstatic.com
- *.gvt1.com
- *.gvt2.com
- android.clients.google.com
- beacons.gcp.gvt2.com
- notifications.google.com
- phonedeviceverification-pa-prod.sandbox.googleapis.com
- play.googleapis.com
- update.googleapis.com
This list is subject to change, without warning from Google.