This is as simple as it gets -- how to install SSL, which is a mandate on every e-commerce site, easily and effectively on OSC:
(1) Inform your host. Tell your host you're going to install SSL through another company. They shouldn't charge you, but they might ... 10 bucks or whatever. They'll e-mail you a CSR (certificate signing request), which is really just a big clump of mumble-jumbled coding.
(2) Find an SSL Company. A popular one seems to be the RapidSSL by Geotrust, 'cause it's cheap, but there are plenty. Many people use Geotrust, Verisign, Networksolutions, GoDaddy, and others. A Simple Google Search can give you plenty of other options. Make sure it has at least 128-bit data encryption, and is compatible with all browsers. Make sure it has a trusted root. Make sure it puts a padlock in your browser. These are all questions you'll ask the SSL company.
(3) Purchase the SSL. E-mail the SSL company your CSR that your host gave to you. Be sure that both your host and the SSL company are on the same page -- assign your SSL to either http://www.yoursite.com, or http://yoursite.com -- but make sure the host and the SSL company are on the same page, and both do the same thing.
(4) Go back to your host. You'll receive an SSL Certificate Key from the SSL company once purchased. This will be more mumble-jumbled coding in your e-mail. E-mail the SSL Certificate Key back to your host. They'll install it for you.
(5) Alter your config files. All you need to do now is to alter your configure.php files. They're located in (path to catalog)/includes/configure.php, and (path to catalog)/admin/includes/configure.php. OSC is designed to protect the pages that require data encryption, and altering your config files will do this for you. These pages include login, create_account, checkout, etc,. and any other pages that require data-input by the end-user.
(6) In includes/configure.php, set the SSL to "true"; it should look something like this near the top, if you assigned the SSL to www.yoursite.com:
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
(7) In admin/includes/configure.php, set the SSL to "true" and add an "s" after all the http's. So it'll look something like this, if assigned to www.yoursite.com:
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
(8) Save and upload your configure.php files to their appropriate directories, perhaps using your FTP tool, or other upload tool of choice, and your SSL should be running smoothly and efficiently.