Hi I've noticed that https sites using http://b.tile.osm.org/ lose the green padlock for pages that include OSM maps. On Firefox, they show the black padlock+alert sign, and the message "Warning: Connection is Not Secure" Wouldn't it be a good idea to move http://b.tile.osm.org/ to https://b.tile.osm.org/ ? Or is there an alternative ?

asked 07 May, 10:58

trevoh's gravatar image

accept rate: 0%

Stripping http from the source?


Let the browser determine the connection type.


You'll have to host the JS files yourself to make the change. There are some tile providers that use SSL.


ESRI: https://esri.github.io/esri-leaflet/examples/basemap-with-labels.html

MapQuest: https://otile2-s.mqcdn.com/tiles/1.0.0/map/{z}/{x}/{y}.png

permanent link

answered 07 May, 14:25

gfitz's gravatar image

accept rate: 0%

edited 14 May, 00:24

Two reactions to gfitz

  1. Can't change the source when tiles are called by an external program such as https://cdnjs.cloudflare.com/ajax/libs/openlayers/2.11/lib/OpenLayers.js not directly by website.

And 2 Can anyone at osm do anything to get a valid certificate ? Which would be the best solution :)

(07 May, 14:38) trevoh

Check the second edit

(07 May, 15:20) gfitz

https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png makes the difference. It shows the green padlock, whereas http://{s}.tile.osm.org/{z}/{x}/{y}.png produces the insecure connection warning. Thanks

(07 May, 15:59) trevoh

You are welcome. Please mark as solved if it helped

(07 May, 16:09) gfitz

osm.org points to the same place as openstreetmap.org - it's always just been a shortcut to it. The certificates on those sites is for "(something).openstreetmap.org". If you have a look at the https certificate associated with a random tile such as "https://a.tile.osm.org/9/253/166.png" you'll see that it is for "tile.openstreetmap.org". Clearly this "doesn't match", so you end up with the browser warning.

Back when OpenStreetMap served http tiles no error would occur, though you'd get the same tiles as if you'd asked for http://b.tile.openstreetmap.org/. Now the same tiles are served, but over https, and the certificate doesn't match.

The question, of course, is why is anything referring to http://b.tile.osm.org/ in the first place? Presumably someone's defined a tile layer (in e.g. LeafLet or OpenLayers) using that, and it needs to be changed from "osm.org" to "openstreetmap.org". If you can let people know where you're getting this error they may be able to investigate further.

permanent link

answered 13 May, 20:57

SomeoneElse's gravatar image

SomeoneElse ♦
accept rate: 15%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 07 May, 10:58

question was seen: 209 times

last updated: 14 May, 00:24

powered by OSQA