Firebase Auth - customized redirect domain prompts NET::ERR_CERT_COMMON_NAME_INVALID warning

Because auth.mydomain.com points to my-app-12345.firebaseapp.com via CNAME record, host of firebaseapp.com should provision SSL certificate for auth.mydomain.com. It has to be done in Firebase Hosting page even if my-app-12345 is not using Firebase Hosting. Here is step-by-step method for doing that based on Firebase's documentation:

  1. In Firebase project my-app-12345's console, click Hosting on the side menu.
  2. When Set up hosting pop-up appears, click Continue. Then click Finish.
  3. In Hosting page, click Connect domain.
  4. When Connect domain pop-up appears, enter auth.mydomain.com. Then click 'Redirect auth.mydomain.com to an existing website' checkbox. Then enter my-app-12345.firebaseapp.com. Then click Continue.
  5. When 'Add the TXT records below to your DNS provider to verify you own mydomain.com' pop-up appears, follow the instruction. And click Verify. (Verifying may take some minutes). Then click Finish.

Now auth.mydomain.com will be appeared in domain section with Pending status. It will soon be changed to Connected. And after some time, the NET::ERR_CERT_COMMON_NAME_INVALID warning issue will be gone.

P.S. With help of Firebase technical support team, I have got the answer to my own question.


just to clarify, as of Jan 6th 2020, the method above (using 'Redirect' within Firebase Hosting) doesn't work anymore.

Following something written in https://levelup.gitconnected.com/how-to-connect-a-domain-to-your-firebase-project-cd47373bad79 - we can see for Authentication, we need to use "Custom Domains" and not "Redirect"

This is because if redirection is used, the SSL signed between the exit and entry points of the custom domain and Google's authentication servers will fail the handshake.

In other words:

If you are setting it up for the first time:

  1. In Firebase project my-app-12345's console, click Hosting on the side menu.

  2. When Set up hosting pop-up appears, click Continue. Then click Finish.

  3. In Hosting page, click Connect domain.

  4. When Connect domain pop-up appears, enter auth.mydomain.com. Then do not tick 'Redirect auth.mydomain.com to an existing website' checkbox. Then enter my-app-12345.firebaseapp.com. Then click Continue.

If you've already setup a Redirect domain, and you cannot get it to work - you can simply edit the entry, and change to a "Custom" type.

Wait 10 ~ 30 minutes once that has changed to have this function properly.