ssl whitelist predefined-hostname chrome-hsts enable

When a user uses the Chrome to access a website host name which is in the HSTS list, the Chrome will conduct in-depth verification on the website certificate. If SSL decryption is configured on the FW, the FW modification of the website certificate will cause the Chrome to fail to verify the website certificate and cause disconnection. Therefore, add the host names in the HSTS list to the SSL host name whitelist of the FW so that the FW will not implement SSL decryption on the HTTPS connections to these websites.

This fault occurs only on the Chrome.

By default, the Chrome has a predefined HSTS list. To enable users to normally access the websites in the HSTS list using the Chrome, the FW adds the host names in the predefined HSTS list to the predefined SSL host name whitelist by default.

Items 34 to 651 in the predefined SSL host name whitelist (you can run the display ssl whitelist static command to view the list) are host names in the predefined Chrome HSTS list.

If you still need to implement SSL decryption on the HTTPS connections to these websites, run the undo ssl whitelist predefined-hostname chrome-hsts enable command to delete these host names in a batch from the predefined SSL host name whitelist.