You have to install a secure certificate through whatever control panel you have on your hosting. Generally, this means:
1) Generate a CSR (Certificate Signing Request) on the hosting
2) Purchase an SSL certificate from a major issuer (I get mine from Godaddy at the moment) and set it up using the same information as what you entered for the CSR
3) Install the certificate (you can get instructions on that here: http://community.godaddy.com/help/5346/ssl-installation-instructions)
Depending on your hosting, you may then have either a separate folder for your secure pages (https_docs or whatever) or it may reference the same folder as http and every page on your site will be accessable through both https and http.
IMPORTANT - You should have a line of code at the top of all your ordering pages to make sure you're secure, and if not, forward to the https version of the page url. Something like this (typed from memory, so unchecked for syntax or typing errors):
if (!$_SERVER['HTTPS']) {
header("Location: https://www.{$GLOBALS['_domain']}{$_SERVER['REQUEST_URI']}");
exit;
} Where $GLOBALS['_domain'] is a global variable with your primary domain.
