It depends what you’re doing. An SSL/TLS certificate is required when you have a Credit Card field on your form. It allows your website to encrypt all communications with the customer’s web browser, so that nobody can sniff their credit card details off the Internet.
No, you don’t need one
If you are only doing one-off payments, you can use eWAY’s Responsive Shared Page to accept customers’ credit card details. This means that the customer fills out your form, then Gravity Forms passes them to an eWAY web page which has SSL/TLS encryption. Once they’ve finished the transaction, eWAY passes them back to your website. You need Gravity Forms eWAY Pro to use eWAY’s Responsive Shared Page.
NB: it’s probably still a good idea to use a SSL/TLS certificate — it makes customers feel a little bit more comfortable about submitting their name and address data, even before they get to eWAY to enter their credit card data. If you’re just trying to get everything going and don’t want to worry about such things right now, then it’s OK to leave it to later (or never!) if you’re using the Responsive Shared Page method.
Yes, you need one
If you need Recurring Payments, or you use the Direct Connection method, then you must have an SSL/TLS certificate. Both of those payment methods require a Credit Card field on the form, and that means customers will be entering their sensitive credit card details on your website. You need an SSL/TLS certificate if you use the Gravity Forms eWAY free add-on.
This isn’t simply a good idea any more, it’s a requirement: eWAY demands it; your bank demands it; and your customers will run away from you very fast if you try to get their credit card details without the little lock on the top of their browser!