- Get the valid security certificate
- Install it using SHA-2 and make sure it is configured properly
- Do the HTTP migration on a test server to test first
- Set up HTTP to HTTPS 301 redirects and test
- Update all external plugins to ensure they are HTTPS compliant (commenting, widgets, twitter, facebook, youtube, all those embeds - trust me you won't find them all)
- Update all your ad code to support HTTPS
- Ensure your analytics will work on the new HTTPS URLs
- Update social sharing counts (use code that counts both HTTP and HTTPS counts or uses one or the other based on a cut over date)
- Update your internal site search to support HTTPS and discover new URLs sooner
- Submit new HTTPS XML sitemaps
- Review the Google site move article
- Verify the new HTTPS site with Google Webmaster Tools and track indexation, crawling, search queries, etc.
- Test your site using the Qualys Lab tool
- Read every article I wrote about it over here to know what to expect
I am pretty sure that covers 95% of it. If I left something add, use the comments below.
I did ask Google to build a report in Google Webmaster Tools for HTTPS content mismatch errors to help webmasters.
Forum discussion at WebmasterWorld.
This post was pre-written and scheduled to be posted today. FYI, I am offline today, so if Google does a Penguin update - I won't get to it until Monday.