Google's own walk-through for site moves is not bad at all:

[support.google.com...]

This does include http to https, incidentally.

The move in general should be pretty seamless if you don't change anything else (other than to modify your links/code to reference https), and redirect everything. Google's handling has drastically improved in this respect.

does changing rel=canonical from http to https replace / augment or add extra value to the htaccess?

I assume you don't mean having an HTTP canonical attribute on HTTPs pages? That would be bad! The HTTP version of pages should be totally inaccessible, and everything should reference HTTPS.

is this simply done at the host level and boom, it is done?

Or must we also issue an htaccess style redirect to make sure all backlinks continue to pass linkjuice correctly?

Generic advice: Don't let something be done at the host level if you've also got an htaccess-or-equivalent. Otherwise you risk having chained redirects, which is bad for humans on slow connections and generally doesn't make search engines happy. http and https are different URLs, in the same way that with-and-without www are different URLs. It's up to you to make everything redirect appropriately. I don't know about IIS, but in Apache (which is what htaccess implies) you can handily combine the https redirect with the www redirect you've already got.

The "canonical" tag is used when more than one URL can lead to the same content, and it's out of your power to change it. When the redirect is in your power, there's no need for "canonical".

Thanks Andy for the Google Guide - although I find them rather cryptic, that covers most of it.

Lucy's point is well taken - makes perfect sense etc.

Of course, this is in IIS, and that's where it gets funky.

If you can get everything to redirect to the HTTPS version, you're unlikely to see any issues. I've even observed sites doing this without any planning whatsoever and not see ranking problems, so I think you're good to go. In terms of well-planned HTTPS migrations, I'm losing count of these, and I haven't seen any ranking issues at all - yet ;)

ISAPI rewrite and similar can certainly do the job, incidentally.

Is Amazon HTTPS?! No? Thought not...

When I type [amazon.com...] it works.

Of course it works, as just about any ecom site with an SSL cert will "work". What pages are Google indexing? Are they HTTPS? Nope. Is Amazon serving HTTPS as default & redirecting non HTTPS request? Nope.

What pages are Google indexing? Are they HTTPS? Nope

The answer is "both":

[google.co.uk...]

A million URLs is not too shabby! You can get away with this pretty well if you're Amazon, though.

Is your implication that there's something bad about HTTPS that might help the OP, chewy, in determining how/whether to implement SSL? Perhaps you can clarify?

My implication is there is absolutely no reason to serve all pages via HTTPS. Ranking boost? If anything I have seen competitors try It and saw their rankings DROP. They have since switched back.

More Google FUD to have webmasters waste their time jumping through Google hoops rather than concentrating on running their business (exactly what they want)

My implication is there is absolutely no reason to serve all pages via HTTPS.

Plenty of people outside of Google think HTTPS everywhere is a good idea. It's a security feature, after all.

EFF believes that every website should support HTTPS on all pages as soon as possible

[eff.org...]

Particularly if you have a site that already need https (user login, checkout, any sensitive information) why go through all the hassle of having to maintain both and get worse security whichever way you do it?

Even beyond security, webmasters are losing an increasing amount of referral stats if they keep things in plain HTTP.

Ranking boost? If anything I have seen competitors try It and saw their rankings DROP. They have since switched back.

So, are you saying that HTTPS is a negative ranking factor? That doesn't match anything that I've seen, although I'm no proponent of switching to HTTPS purely for expected returns from search traffic.

why go through all the hassle of having to maintain both and get worse security whichever way you do it?

Amazon seem to think it's worthwhile having HTTP product pages listed in Google's index?

So, are you saying that HTTPS is a negative ranking factor? That doesn't match anything that I've seen, although I'm no proponent of switching to HTTPS purely for expected returns from search traffic.

I'm saying competitors I monitor for certain keywords DROPPED on page 1 after they went HTTPS (& there was nothing wrong with how they implemented it). They then went back to HTTP and seem to have regained their old positions. Pretty much everything Google comes up with seems to have a negative effect on sites. They say do X, you do it & see traffic get WORSE. The test domain I've implemented HTTPS on saw a one place positive movement for about 2 weeks, it then dropped lower on page 1 for the terms I was testing for. That site now hasn't had a single conversion in WEEKS (a 10 year old domain that used to make $$$$ every single day).

Those who think following Google's guidelines is a positive thing couldn't be me more wrong, if anything the sites I see doing things like the old days (LINKS LINKS LINKS) are doing better than ever.

Links take Google out of the equation, of course they wanted all of the FUD they created with their Panda, Penguin blah blah blah!

I'm saying competitors I monitor for certain keywords DROPPED on page 1 after they went HTTPS (& there was nothing wrong with how they implemented it). They then went back to HTTP and seem to have regained their old positions.

This is certainly not my experience. I have yet to see a straightforward HTTPS move that caused rankings to fall. It's easy to screw up, of course, since you're changing every URL. But, I've seen plenty of people do it in a far-from-perfect way without any impact at all.

Amazon seem to think it's worthwhile having HTTP product pages listed in Google's index?

How did you come to this conclusion? Because they haven't implement HTTPS redirects? You seem to be drastically under-estimating the complexity of their site and the way things get implemented in corporations. Let's assume Amazon's SEO team put in a request for HTTPS redirects. This request would be kicked back for a cost/benefit analysis to justify the sky-high implementation cost (and the dev cost will be high, make no mistake). Their request would then get rejected, unless they were able to suggest a huge SEO benefit (which they would not be able to do).

Saying "Amazon don't do it" doesn't prove anything. It doesn't even imply anything. The reason Amazon have a ton of duplicates across HTTP/HTTPS isn't because having a ton of duplicates is a really good thing that we should all copy. Once your site is beyond a certain size you lose the luxury of any change being simple to implement.

Oh please, like a company the size of Amazon couldn't make their site HTTPS.

Here's one for you, I'll bet $$$$$$$$$$$$$$$$$$ when Amazon goes HTTPS the ranking boost that Google mentioned will suddenly impact 5% of searches.

Oh please, like a company the size of Amazon couldn't make their site HTTPS.

I think you must have misread what I wrote. Cost/benefit is nothing to with whether something is possible. It's just the way things work at large companies. SEO team stands to get it in the neck if they suggest expensive fixes that don't provide a return.

the ranking boost that Google mentioned

I assume you're aware of how this has been described by Google, e.g. "it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals". Of course, there's a lot of hyperbole in the SEO press, but, then, when isn't that the case?

Yes I'm well aware of Google's claims. I fully expect the 1% to become 5% perhaps even 8% by the time I see Amazon fully HTTPS. Cynic? Very much so after spending far too long jumping through their hoops for zero (or negative) reward. Not any more ;)

I fully expect the 1% to become 5% perhaps even 8% by the time I see Amazon fully HTTPS.

Let's hope so! It's much easier for a typical site to implement HTTPS than Amazon, so free boost for everyone ;)

The point is - all amazon pages (those I randomly checked) work perfectly with https (no warnings). I'm sure 100% of amazon pages work perfectly with https. But yet, for some reason - probably due to speed and/or factors we don't know about - amazon doesn't redirect users to the https version. Obviously, Google as they said, would give priority to https so it's no wonder they index https since it's available, but it's not what amazon really wants/cares about (adding 1 line to redirect http to https doesn't require a corporate meeting). Maybe leaving both http and https without redirecting gives them a temporary boost, increases the number of indexed pages / rankings. Average webmasters don't know what Jeff Bezos does ;).

adding 1 line to redirect http to https doesn't require a corporate meeting

Actually a change like that in many fortune 500 companies would most likely require several meetings at different decision making levels bringing in different website company stakeholders. Sure you can make that change in 30 seconds on your own personal website but the corporate world is a very different place. I've learned from too many first hand experiences that just because a big profitable company is doing something doesn't guarantee there is a smart idea behind it. For example I have had to explain to multiple big companies that they should not block Googlebot no matter how much bandwidth is "wasted" on a bot if they want thier pages to be included in the search results.

adding 1 line to redirect http to https doesn't require a corporate meeting

Just to echo goodroi - I felt the pain of thousands of SEOs at corporations when I read the above! ;)

Why would a "multiple big company" (whatever that is) be worried in any way, shape or form about bandwidth? I don't even know a small sole trader who would be concerned about bandwidth seeing as it costs bugger all these days. Making Amazon fully HTTPS is no harder than making any site HTTPS. To suggest otherwise is glossing over the fact that they have not done it despite their best buddy Google saying it can do nothing but good. Then again when you are listed multiple times on page 1 it can't get any better right?

ps, try it with eBay (another Google love child with obvious black hat techniques deployed, although to be fair they must be plumbing $$$millions into Google Shopping ads so will no doubt get something in organic back in return), they actually have redirects from HTTPS to HTTP. Can ANYONE, one single person on this forum post pictures of a site where you have seen any ranking boost what so ever? Where is the "1%" of queries (1% sounds small but it really isn't) that have seen this boost?

Google also said based on their tests for the past few months, the HTTPS signal showed “positive results” in terms of relevancy and ranking in Google’s search results.

Ohno2, there shouldn't be any need to misquote people or ignore parts of what has been written. This doesn't make your argument more convincing (quite the reverse).

Why would a "multiple big company" (whatever that is) be worried in any way, shape or form about bandwidth?

I'm sure you understand what "I have had to explain to multiple big companies" means. Regardless, goodroi is sharing the information that he has worked with big companies that were concerned about bandwidth. You can say that this just isn't true, but the only reason to do so is if you don't want to hear information that doesn't support what you're saying.

Making Amazon fully HTTPS is no harder than making any site HTTPS.

If you take anything from this thread, understand that you are wholly mistaken about this. Making any change to a corporation's website is vastly different from smaller sites, and making a site-wide change with the potential to affect all results is even harder than that. I'm saying this from direct experience, as was goodroi above.

Where is the "1%" of queries (1% sounds small but it really isn't)

If you snip the first and last parts of the quote, then it does make it sound more impressive. But it doesn't make it any more true.

affecting fewer than 1% of global queries, and carrying less weight than other signals

The only person in this thread talking about major ranking changes (fictional or otherwise) from implementing SSL is you. Google certainly haven't suggested it.

The biggest absurdity in what you're saying is that, on the one hand, implementing SSL is super-easy and takes no time at all, and on the other, it's part of an elaborate scheme by Google to waste website operators' time on trivialities.

You also have it backwards about Amazon and Ebay. They are not the model of SEO to follow - quite the reverse. They are the big players you aim to beat in your niche because their own SEO is severely constrained by the size of their operation.

The biggest absurdity in what you're saying is that, on the one hand, implementing SSL is super-easy and takes no time at all, and on the other, it's part of an elaborate scheme by Google to waste website operators' time on trivialities.

& yet so many people have questions about what IS an easy thing to implement. It took me all of 5 minutes to do it on a test site. Looking around loads of people have managed to screw it up, do you not think those people are then wasting resources fixing the problems created by a suggestion from Google rather than RUNNING their business? Just like those wasting their time with disavow files. Now THAT is the absurdity.

oh, & I never said "major ranking changes" so please don't misquote me to back up your agenda. I've requested a SINGLE PERSON in this forum (considering you all claim to have multi company clients that shouldn't be too hard) to post analytic proof of a single ranking change due to going HTTPS. Not hard is it?

I never said "major ranking changes" so please don't misquote me to back up your agenda.

You're splitting hairs. Nonetheless:

Where is the "1%" of queries (1% sounds small but it really isn't) that have seen this boost?

This is the only mention in the thread of HTTPS being a "not small" factor (aside from your observation on competitors losing rankings).

post analytic proof of a single ranking change due to going HTTPS

Who is this directed at? No-one in this thread has made such a claim. A graph showing a small change to less than 1% of keyword traffic is hardly going to be dramatic, is it? How could you possibly separate this from other factors? And how could a graph posted to a forum ever provide proof of a claim regarding an extremely minor ranking factor? You could, quite rightly, suggest that other factors might be involved. And for a less than 1% change that might be a particularly rainy day.

Google now processes over 40,000 search queries every second on average, which translates to over 3.5 billion searches per day.

You don't think ~1% of that is a large enough number for maybe someone to have seen something positive? Going HTTPS was enough to see one of my competitors drop, of course that could have been a rainy day and the sun came out when they went back to HTTP.

Pigs may also fly.