I don't know why they want to take the HTTPS off of the subdomain, but adding it onto the main site is probably because customers are asking why we don't have HTTPS there when our competitors do. The main site has a lot of links to the login, but the login page itself has HTTPS.
Okay. So, we should place 301 redirects and canonical tags on the pages. The pages are http://www.example.com/keyword or https://subdomain.example.com/keyword so I don't think they are relative.
Since the old pages will only change their HTTP designation, there wont be an archived version of the old URL. Do we place the canonical tag with the old URL on the URL's page?
<...rel="http://old-site.com/keyword"> on the new page