An SSL certificates are used to make your personal information protected, particularly when it comes to online transactions. It’s a mechanism that works between a user’s browser and the website the user is connecting to. In its software, the website has an SSL certificate issued by a trustworthy authority. Web browsers (i.e. Internet Explorer®, Firefox® and Chrome™) recognize these certificates. When confidential info needs to be exchanged, SSL is used to encrypt the information before it is sent, and then to decrypt it at the other end, when it has been received.
This ensure that the website activity, from its own sensitive information to that of its browser is secure. This is especially important if the business is involved in handling online transaction. Online Buyers and visitor know this stuff. Banks, for instance, have warned them to check for the small padlock icon that appears on their browser screen when SSL is in use

Indeed. And you can get them without hassle and totally free of charge from Let's Encrypt without having to use some commercial outfit which charges silly money. Just saying...

If you're hosting a website then your hosting provider will definitely have a free SSL option. and if they don't then you're with a shitty provider and you need to bail already lol.

besides HTTPS is a ranking factor now even if not one of the main ones...

i wasnt aware of the free ssl option....thanks

Referring to your title of Question..
1- All websites are online

  1. Not all websites need SSL. Only who are using online money transcations need a secure line to safe clients from internet theft.

Not so. All sites require a SSL cert unless they are happy being either flagged as insecure by web browsers (or the user refused a connection) and being hit with a search ranking penalty. Your comment is now very dated indeed I'm afraid afia_1

commented: Be not afraid of telling the truth. +15

All e-commerce sites require SSL, otherwise people can skim your user's credentials as well as their Credit card numbers. Essentially they craft a regex that matches the credit card number that is applied to a certain page which is returned to the server. The man in the middle acquires the card info, and stores it for later usage and or sale on the dark web. From what I understand you buy the SSL cert from a Certificate Authority, and your admin should plug in the certificate to your IIS server somehow. Have been looking for a good demonstration of this, as I will probably be plugging in my own test cert for my testing on my local VM box.