Redirect all http:// request to https://
Changing the unsecure base url to https will change all links and redirect non-https requests to https://example.com/ (the home page), because that's what Magento does when the base URL validation fails.
So this is a good start but to also redirect http://example.com/foo/ to https://example.com/foo/ you need to do it via webserver redirect.
For example, add the following code at the top of your .htaccess
:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Or if you use a reverse proxy like Varnish:
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
This is because the requests from Varnish to Magento will be without SSL (HTTP), but Varnish sets the X-Forwarded-Proto header to "https" if the original request was made with SSL (HTTPS).
For completeness we also do a very similar thing to what fschmengler has suggested with some additions;
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_METHOD} !=POST
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
We place this inside the section of the .htaccess just below RewriteEngine On
Set your base url for secure and unsecure in the backend. Set yes on use secure url in frontend in the backend.
Then edit your app/etc/local.xml and include this
<?xml version="1.0"?>
<config>
<frontend>
<secure_url>
<all>/</all>
</secure_url>
</frontend>
</config>
Or at least paste the XML tree frontend and lower in between the config tags.