Confused about SSL, Keys and Cert ...

I have read that for SSL I just need to buy a private and public key and I don't need anything else but my host says that I have to buy "security certificate" and a "dedicated IP".
but some pals say that I can use a "shared ssl" and others say that I can find it all for free.

I am realy confused. Could somebody give me an step by step guide on How to have that security icon at the buttom of the browser and an https://.

You don't buy a private and a public key, you buy a key-pair (they are inextricably mated together). You MUST have a dedicated IP address in order to have a meaningful cert as it is part of the cert's formation. I believe you can update the cert (I don't remember off hand how the entire handshake process works) to reflect a change in IP for free, but I am sure that there is a limited number of times you can do that and hosting via a cable/DSL modem that is constantly changing IPs is likely to be more than the allowed number. You can create a self-signed cert (most browsers will popup a warning that it is a self-signed cert), but that won't help you as your IP changes, but I believe all the user gets is a warning that the IP/name does not match the cert. If all you want is encrypted communication, a self-signed cert is fine and does not cost a penny. Regarding HTTPS, that is a separate web server (though some versions will listen on the secure and non-secure ports, but it is probably best to have separate servers (software server, not physical server)) running on your box that is configured for the HTTPS protocol and has the cert embedded in it (self-signed or otherwise). How to implement that is specific to the server, read the manual. Many free servers lack HTTPS, the protocol is much more complex than plain HTTP, but I am pretty sure that Apache has it embedded.