Hi Mike,
Did you have any joy with this?
I've been using my IPA PKI for our 802.1x infrastructure - which is working nicely for the enrolled Linux hosts.
I've been considering adding some Chrome OS into the mix, but before shelling out for some devices I've been trying to navigate both the manual and extension based install methods.
It looks like some additional Network management options including some certificate bits have been added into the Google admin console which I thought might yield a method for doing per-device certificates, and I've also been trying to make sense of if the extension based bits in
https://support.google.com/chrome/a/answer/6080885?hl=en could be made to play nicely with Dogtag.
Anyway, would be interested to hear how you're getting along,
David