The short version is that you need to get an SSL/TLS certificate and key. Here’s how.
The longer version is that SSL/TLS communication between a client (a web browser) and a server (the web server) requires both sides to establish an encrypted connection, and a properly encrypted connection requires the server to be able to prove its identity. After all, an encrypted connection between you and Bob’s web site is significantly less valuable if you can’t be reasonably certain you’re actually talking to Bob’s web site—I could be pretending to be Bob’s web site, and you could be spilling your secrets to me. Or to anyone.
So servers have cryptographic certificates to prove they are who they say they are. These certificates are issued by “certificate authorities,” which are entities (usually companies) that the world collectively has decided are trustworthy and can vouch for the identities of the people and organizations that request certificates from them. Which when you think about it sounds insane—and it is, because ultimately the entire SSL/TLS system is based on trust and it’s a giant house of rotten cards and it’s one of those things where the more you know about it, the less you sleep at night because you realize it’s so fragile that a stiff breeze could destroy the entire thing but ha ha it underpins the global economy so that’s exciting.
Anyway, to offer SSL/TLS on your web site, you need to get an SSL/TLS certificate and its accompanying public/private key pair. To do this, you need to request a certificate from a certificate authority, which will involve some amount of identity validation (some of them will want you to scan and send them a copy of your driver’s license and a recent utility or phone bill, for example). Most will charge you anywhere from a ridiculous to a hilariously ridiculous amount of money, but there are a few that will issue certificates to individuals for low or no cost. My personal recommendation is StartSSL, which I use for SSL on all my sites. They’re free.
Ars Technica ran a good guide several years ago on how to get an SSL/TLS cert from StartSSL, and everything in it is still valid. That’s a good place to start.
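One common way to prepare the request a certificate authority asks for, shown as an added example rather than anything from the original article or from StartSSL: generate the key pair on your own server and send the CA only a certificate signing request (CSR). It assumes OpenSSL 1.1.1 or later, and the function names, `CSR_DOMAIN`, `CSR_OUT_DIR` and the output paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): create a private key and a
# certificate signing request (CSR) locally. Only the CSR is sent to the CA.
# Assumes OpenSSL 1.1.1 or later; all names below are hypothetical.
set -eu

# usage: make_key_and_csr DOMAIN OUT_DIR
# The body runs in a subshell so the strict umask does not leak to the caller.
make_key_and_csr() (
    domain=$1
    out_dir=$2
    umask 077                      # key file is created owner-only (0600)
    mkdir -p "$out_dir"
    # 2048-bit RSA private key; this file never leaves the server.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$out_dir/$domain.key"
    # The CSR carries the public key and the requested host name, signed with
    # the private key to show the requester holds it.
    openssl req -new -sha256 -key "$out_dir/$domain.key" \
        -subj "/CN=$domain" -addext "subjectAltName=DNS:$domain" \
        -out "$out_dir/$domain.csr"
)

# usage: csr_matches_key KEY_FILE CSR_FILE
# Succeeds only if the CSR contains the public half of the given private key.
csr_matches_key() {
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Run as: CSR_DOMAIN=www.example.com sh make-csr.sh
if [ -n "${CSR_DOMAIN:-}" ]; then
    out_dir=${CSR_OUT_DIR:-./tls-request}
    make_key_and_csr "$CSR_DOMAIN" "$out_dir"
    csr_matches_key "$out_dir/$CSR_DOMAIN.key" "$out_dir/$CSR_DOMAIN.csr"
    echo "Submit $out_dir/$CSR_DOMAIN.csr to the CA; keep the .key file private."
fi
```

The CA returns a certificate that binds the public key in the CSR to your host name; the web server is then configured with that certificate and the `.key` file.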