SSL certificates are relative inexpensive, but there’s a number of organizations that are starting to offer certs for free – Let’s Encrypt is one. Their approach requires a script to renew your cert every 90 days. In some hosted environments however it might not be possible to run such a script.
For OpenShift hosted apps, you can both assign your own domain name to an application, and also import an SSL cert. See instructions here. Since it’s currently not possible to run a script like what Let’s Encrypt uses (see SO post here), certs from other organizations are more easily imported. StartCom is offering free SSL certs for 1 year, after which presumably you renew for another year.
Depending on what you are hosting, you may need to find and replace any hardcoded references to content loaded via http instead of https (to avoid ‘mixed content’ warnings in your browser). Once you’ve done this though, you get a shiny new green SSL padlock on your site!