Secure Cross Domain Form Submission

Posted 2019-08-02 04:36

Question:

I have a client who would like to continue to host their forms with a 3rd party vendor, but has asked me to redesign their site. Unfortunately, right now the forms are hosted in an iframe on the 3rd Party's servers, or just a direct link to the 3rd party.

The forms are ugly and poorly made, but it is what it is. I have to use them for handling the data.

However, I'd love it if I could make the forms myself, have them look like the rest of the site, and work nicely.

Tricky bit: The form information MUST be secure. No financial data, but resumes, and potentially some medical history could be submitted.

So if I create a form and host it on a server with an SSL certificate, and post it to the 3rd party's secured server - is the data secure?

If not, what options (if any) do I have to achieve my goal of a nice looking form that securely posts data to their server? The 3rd party has no customization options for their forms.

Thanks.

Answer 1:

So if I create a form and host it on a server with an SSL certificate, and post it to the 3rd party's secured server - is the data secure?

Yes, it is secure. The user's form will post to https://thirdpartyserver.com, which will ensure an encrypted post.



Answer 2:

Not inherently secure. The SSL on the host is not relevant; the SSL on the third party server is. However, you must set the post to "https://..." rather than just "http://"; it isn't enough for it to be a "secure server", you have to invoke it securely. You will also want to USE the SSL on the host (even knowing that it is irrelevant) because you want your page to show up with "https://" in its URL to create the perception of security to the less informed user.
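
A check for the point both answers turn on, that the form's action must resolve to an https:// URL on the vendor's server. This is an added example, not part of either answer; `client.example`, the `/apply` path and the sample markup are constructed, and `thirdpartyserver.com` is the placeholder host from Answer 1.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect the action and method attributes of every <form> in a page."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            self.forms.append((a.get("action") or "", (a.get("method") or "get").lower()))


def audit_forms(page_url, html, expected_host):
    """Return one finding per form: the resolved target and any problems."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for action, method in collector.forms:
        # An empty, relative or protocol-relative action is resolved against
        # the page URL, as a browser does, so it inherits the page's scheme.
        target = urljoin(page_url, action)
        parts = urlsplit(target)
        problems = []
        if parts.scheme != "https":
            problems.append("action is not https")
        if (parts.hostname or "") != expected_host:
            problems.append("action host is not the expected vendor host")
        if method != "post":
            problems.append("method is not POST, fields would travel in the URL")
        findings.append({"target": target, "problems": problems})
    return findings


# Constructed sample markup covering the four ways an action can be written.
SAMPLE_PAGE = """
<form action="https://thirdpartyserver.com/apply" method="post"></form>
<form action="http://thirdpartyserver.com/apply" method="post"></form>
<form action="//thirdpartyserver.com/apply" method="post"></form>
<form action="/apply" method="post"></form>
"""

if __name__ == "__main__":
    for f in audit_forms("https://client.example/careers", SAMPLE_PAGE, "thirdpartyserver.com"):
        print(f["target"], f["problems"] or "ok")
```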