It’s easy on Dreamhost. If you are not particular about who issues the certificate, get it from Dreamhost. After a short while, it’ll be installed. Then, visitors can use either “http:” or “https:”, regardless of any subdomains (“secure.mysite” is not a gimme). If you don’t want people to visit via non-SSL, one way is a brief PHP script at the top of each page to prevent it. There may be other ways.
I got mine from a 3rd-party. In that case, you go to their site, pay and give all the info, and they email you one or two chunks of garbled ASCII, which you then paste into Dreamhost’s form. Boom, you’re done.
I think it’s a $25 one-time fee for a dedicated IP address, which is required for SSL.