NOTICE: help.openstreetmap.org is no longer in use from 1st March 2024. Please use the OpenStreetMap Community Forum

Hi I've noticed that https sites using http://b.tile.osm.org/ lose the green padlock for pages that include OSM maps. On Firefox, they show the black padlock+alert sign, and the message "Warning: Connection is Not Secure" Wouldn't it be a good idea to move http://b.tile.osm.org/ to https://b.tile.osm.org/ ? Or is there an alternative ?

asked 07 May '18, 10:58

trevoh's gravatar image

trevoh
9223
accept rate: 0%


Stripping http from the source?

src='//b.tile.osm.org'

Let the browser determine the connection type.

Edit

You'll have to host the JS files yourself to make the change. There are some tile providers that use SSL.

https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png

ESRI: https://esri.github.io/esri-leaflet/examples/basemap-with-labels.html

MapQuest: https://otile2-s.mqcdn.com/tiles/1.0.0/map/{z}/{x}/{y}.png

permanent link

answered 07 May '18, 14:25

gfitz's gravatar image

gfitz
46347
accept rate: 0%

edited 14 May '18, 00:24

Two reactions to gfitz

  1. Can't change the source when tiles are called by an external program such as https://cdnjs.cloudflare.com/ajax/libs/openlayers/2.11/lib/OpenLayers.js not directly by website.

And 2 Can anyone at osm do anything to get a valid certificate ? Which would be the best solution :)

(07 May '18, 14:38) trevoh

Check the second edit

(07 May '18, 15:20) gfitz
2

https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png makes the difference. It shows the green padlock, whereas http://{s}.tile.osm.org/{z}/{x}/{y}.png produces the insecure connection warning. Thanks

(07 May '18, 15:59) trevoh

You are welcome. Please mark as solved if it helped

(07 May '18, 16:09) gfitz

osm.org points to the same place as openstreetmap.org - it's always just been a shortcut to it. The certificates on those sites is for "(something).openstreetmap.org". If you have a look at the https certificate associated with a random tile such as "https://a.tile.osm.org/9/253/166.png" you'll see that it is for "tile.openstreetmap.org". Clearly this "doesn't match", so you end up with the browser warning.

Back when OpenStreetMap served http tiles no error would occur, though you'd get the same tiles as if you'd asked for http://b.tile.openstreetmap.org/. Now the same tiles are served, but over https, and the certificate doesn't match.

The question, of course, is why is anything referring to http://b.tile.osm.org/ in the first place? Presumably someone's defined a tile layer (in e.g. LeafLet or OpenLayers) using that, and it needs to be changed from "osm.org" to "openstreetmap.org". If you can let people know where you're getting this error they may be able to investigate further.

permanent link

answered 13 May '18, 20:57

SomeoneElse's gravatar image

SomeoneElse ♦
36.9k71370866
accept rate: 16%

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×287
×19
×10
×1

question asked: 07 May '18, 10:58

question was seen: 12,025 times

last updated: 14 May '18, 00:24

NOTICE: help.openstreetmap.org is no longer in use from 1st March 2024. Please use the OpenStreetMap Community Forum