An SSL certificate is not required on the server side. The postback call from Google mirrors back the original transaction data plus an order Id. If you are using the sellerData
field, depending on your particular situation, you may consider encrypting that information.
Also see this related discussion:
Does Google Wallet API for digital goods require an SSL certificate?