SSL secure entire Frontend (all pages)
The redirect to HTTPS root has nothing to do with the unsafe URL setting and the .htaccess
setting suggested is not required.
If you have issues when redirecting from http://yoursite.com/your_product.html
to https://yoursite.com/
when using HTTPS, just go to:
System
-> Configuration
-> General
-> Web
-> Redirect options
And set:
Auto-redirect to Base URL
-> No
If you need to fix broken URLs from broken addons/styles by changing href="http://somewhere...
or src="http://somewhere..."
into href="//somewhere...
and src="//somewhere..."
as usual to prevent mixed content issues. Of course, all external services should support HTTPS, but keep in mind the slowdown of having external resources.
ITS NOT THAT SIMPLE... There is a problem with changing the store unsecured url to https. Any links to existing pages, including links from ads, indexed pages in Google, etc, that point to http://yoursite.com/your_product.html will be redirected to https://yoursite.com/
You will need to go through your theme and make sure that there are no references to http:
and then...
You will also need to redirect all http: requests to https: in your htaccess file with code similar to this:
############################################
## REDIRECT TO HTTPS ALWAYS
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
it will need to be inserted somewhere after this in your existing htaccess file:
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
You will need to adjust this to your specific situation and server set up.
Set your base url for both your secured and unsecured site to https://yoursite.com/
. That's all you need to do.