SSL certificate on a subdomain

Yes, you will have to purchase a certificate for the main domain.

What about if SSL to your main domain is blocked by your CDN (cloudflare)?

If you’re using Cloudflare and you want to use SSL, that requires a pro account. https://www.cloudflare.com/wiki/How_do_I_add_SSL_support_for_a_domain%3F

Yep. I’m not paying them $20/month just to have SSL.

So I take it that means there is no way to have the admin section on a subdomain, like secure.mydomain.com?

You can if you’d like. In the settings you can enable Shared SSL and set the Shared SSL Host to https://secure.mydomain.com and then enable the Force Shared SSL Admin option.

This will not affect the front-end of your site unless you check the Force SSL option on a page or post.