For a quick and dirty description, check this out. http://www.dummies.com/how-to/content/how-to-configure-lion-server.html
You will indeed need to purchase an ssl certificate if you're looking to connect to your server securely. Also, something you haven't mentioned, you'll need to purchase a domain name if you want to be able to type something like example.com and be able to reach your website.
There's lots of websites that will do this for your. Just google "purchase domain name" and pick one of the sites that comes up. You'll certainly need to do this before you try to set up your sever as one of the first things you have to do is enter in your desired domain name. If you set it up with a domain name that belongs to someone else, then you'll have to start from scratch all over again.
I enabled a server.hostname.private name and turned off VPN. When I try to access my server with Google Chrome I get 403 Forbidden (Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8r DAV/2 Server at server.drewhumphrey.private Port 443). All I want to do is to be able to access my files on my Mac from another Mac. Should I be using an internet browser for this? I don't understand how to enable files sharing or why I am getting 403 Forbidden errors when I have made myself a user of the server.
You do not need to purchase a certificate if you are just using it "all in the family" so to speak. Properly setup it will generate a selfsigned certificate and you can point all service to that cert. Client connections will report the certificate is bad but you know it is good since you are connecting to your server. Just make sure it has your server name and make sure to save the cert. The only reason you would want to purchase a certificate is if the public will be accessing the server.
If you are trying to access files from inside the LAN you use Go>Connect to Server. If you are trying from outside the LAN you must use VPN.