[OSM-dev] SSL-Certificate for osm.org

Oleksiy Muzalyev oleksiy.muzalyev at bluewin.ch
Mon Mar 21 08:39:57 UTC 2016

On 21/03/16 08:06, Tom Hughes wrote:
> On 21/03/16 06:16, André Riedel wrote:
>> We've got a bug report at the Chemnitzer Linux-Tage. osm.org should be
>> added as alternative name in the openstreetmap.org certificate. This
>> is important for the link shortener.
>> https://osm.org/go/0MIaEuZzQ-?m=
> Do we actually generate that name anywhere? or have you just assumed 
> that you can change it to https?
> Tom
The same here, the SSL works correctly for www.openstreetmap.org , and 
it does not work for www.osm.org

It is well known that SSL encrypts a web-page content, but it is less 
understood that the SSL also encrypts the URL itself (except the domain 
name). So with SSL (https://) people who monitor a LAN can see that 
openstreetmap.org (or osm.org) were visited, but it is not possible to 
see what part of the map was looked at, as anything after .org is 
encrypted. I read about it and probably tested it with network analyzer 

But SSL adds some additional load to web-servers. So if one just looks 
at the map in general there is no sense to use https://, but if planning 
a trip in a risky environment, for example for humanitarian workers, it 
would be safer to use SSL.


More information about the dev mailing list