How secure is sending sensitive data over https?

Question

Is SSL secure enough for using sensitive data (like password) in query string? Is there any extra options to implement?

Answer 1

Self-signed certificates are SSL certificates that are created and signed by yourself. This means that you do not require a third party certificate authority (CA) to sign your certificate, but it means that browsers will, by default, throw a warning about it, since a self-signed certificate cannot reliably (your browser has a list of trusted CAs) verify that the signer of the certificate is exactly what the certificate says.

Consider the situation where you create a SSL certificate "on behalf of" a certain Redmond-based software company. Now, if your HTTP server presents that certificate, which you have self-signed, to a client, the user agent will warn that this certificate may not actually be whose it says it is. A certificate authority will verify - by paperwork, the real, actual dead-tree kind - the identity of the party requesting signing, hence it's trustable.

Hope this helps.