My hosting provider gives me the ability to enable a free SSL certificate on my website. The certificate is trusted but does not match my domain name, which means that you have to manually accept the certificate when browsing the website for the first time.
Now all pages are accessed through https:// and it works fine.
But when sending POST data to my server using jQuery ajax, I still can see all the data that is sent in firebug - in clear text.
Does this come from the fact that the SSL certificate doesn't match my domain name?
Thanks
It does not have anything to do with SSL. Ajax posts have to originate somewhere, and so firebug will always be able to it in your browser (as its not encrypted within the browser instance itself).
SSL encrypts the connection between your browser and the server, to prevent eves dropping. So that data will not be visible to other machines. If you want to see the data in its encrypted form I recommend setting up a debugging proxy.
See an explanation of ssl here.