Here are some specific steps when using DreamHost and GoDaddy for Secure Hosting (HTTPS) and SSL Certificate.
1 - Purchase domain name
2 - Purchase SSL Certificate (credit)
3 - Point custom nameservers to DreamHost
4 - Create domain account
5 - Obtain unique IP address
6 - Obtain secure hosting (don't check "I already have a secure certificate"), just generate free CSR
7 - Copy and paste the entire contents between and including -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- into a text file on your computer for backup. That's your CSR.
8 - Activate SSL credit for that domain
9 - Paste CSR (including -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----). Select "Apache" whenever it asks.
10 - Download signed certificate (zipped file with a .crt file in it).
11 - Open the .crt file in a text editor and copy the entire certificate (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
12 - Click on "Edit" for the Secure Hosting for that domain
13 - Delete the contents in the "Certificate" field (the second big field), but leave the first and third alone (the first field is the "Certificate Signing Request" field and third one is your "Private Key," but leave those as is).
14 - Paste the certificate (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the Certificate field.
15 - Click on "Edit HTTPS now!" submit button
And that's it.
From there you can create a database for that domain and install XCart, or whatever.
NOTE: the certificate that you deleted in step 13 was the self-signed certificate that's free from DreamHost. You can continue to use that one, but your browser will give every visitor a warning each time the HTTPS site is visited. So you want to replace that with your newly purchased signed certificate so that no one gets that warning.