A decade ago, SSL certificates were a thing for e-commerce sites, not libraries. Today, requirements that include SSL certs are popping up just about everywhere from securing login screens to passing around UserObjects from EZProxy with 3rd party vendors (OCLC).
We've tottered along in the past using self-signed certificates. This was easy, convenient, and cheap, but annoying for our patrons. For the paranoid user, browser warnings about self-signed ceritificates can be ominous. And as a student, there is nothing less professional than paying thousands of dollars to attend a research institution that can't even get a legitimate SSL certificate for their online applications that handle their private, personal data.
This is not an endorsement. There are no referral links, in fact no links at all.
ipsCA provides free wildcard SSL certs to .edu domains. No credit card information is required. The registration process is entirely automated and uses email addresseses found in the WHOIS directory to confirm your identity, so it may be a good idea to warn your domain administrators in advance.
When you get your certificate (it took me about a day). You'll get the actual certificate, a root certificate, and an intermediate. How these certs are installed is dependent on your webserver.