Ideally, the easiest way to set up SSL with SharePoint is to check the option to use SSL when you create the web application. This sets up the AAM for you and saves you a few steps (although you still need to generate the cert, install it, etc.).
The past few times I've created web applications, SSL wasn’t a requirement at the beginning and had to be configured after the fact.
First, you’ll need to generate a CSR request from the IIS website. Make sure you do this from the correct site, otherwise the SSL won’t be valid.
How to Generate a CSR from IIS
Steps for how to generate a CSR from Verisign
Send the CSR request off to your certificate authority. They will send you a valid certificate that you can then install on the IIS site.
How to Install SSL Certificate in IIS
Steps for how to INSTALL a certificate from Verisign
Open your IIS site that you want to install the SSL cert onto and click the “Server Certificate” button
IIS knows that you initiated an SSL request, so it asks if you want to process that request now and install the SSL cert that matches that request.
Select the SSL cert that you received from your SSL authority
Select the SSL port number that you want to use. The default is 443, but be aware that only 1 site can have SSL running on port 443 for 1 IP address. To have multiple sites using SSL on port 443, you’ll need multiple IP addresses, and each site needs to be on a separate IP address.
If the cert is valid, you’ll see a summary of its information.
Hit FINISH when you are done to install the SSL cert.
If you look at the IP configuration for your website now, you should see that you now have an entry for SSL with port 443.
FYI, I just recently found this out but IIS can ONLY do SSL on port 443 on 1, yes 1, site per IP address EVEN with host headers. You have 2 options to get around this, 1) use a different port for SSL if you only have 1 IP address or 2) Add more IP addresses to the server and assign your SSL sites appropriately, 1 per IP address.
After all the above, if you go to your SharePoint site, you should now have it working under SSL.
Be sure to take a look in the AAM (alternate access mappings) to make sure you have entries for SSL for your site.
To force users to use SSL all the time, you have a few options:
Create the redirect HTML page with the following code:
<script type="text/javascript">
if (location.protocol != 'https:') {
    window.location = 'https://' + location.host + location.pathname + location.search;
}
//alert(location.host + location.pathname + location.search); // Just for sanity check
</script>
Save the file as “redirectssl.htm” and save it to c:\inetpub\wwwroot. The reason for saving it to this location is so that multiple sites can access it and you only need 1 file to keep updated.
Open IIS manager and select properties on the site which you want to force SSL on.
Go to the Custom Errors tab; you need to change the 403;4 entry to point to our redirectssl.htm file.
Click edit on 403;4 and enter in the location to our “redirectssl.htm” and hit OK.
In addition, the IIS site must be set to require SSL. That way it will throw the 403.4 error if someone accesses it through HTTP.
Perform an IISRESET
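The redirect script above reuses location.host, which carries the port, so an HTTP site on a non-default port would be sent to HTTPS on that same port, and the #fragment is dropped. The following is an added example, not code from the original post, that handles both cases; buildHttpsUrl and its sslPort parameter are hypothetical names, and the host names are constructed.

```javascript
// Added example: builds the HTTPS target for redirectssl.htm.
// buildHttpsUrl and sslPort are hypothetical names, not from the original post.
function buildHttpsUrl(loc, sslPort) {
    if (loc.protocol === 'https:') {
        return null; // already on SSL, nothing to redirect
    }
    var port = sslPort === undefined ? 443 : Number(sslPort);
    if (!Number.isInteger(port) || port < 1 || port > 65535) {
        throw new RangeError('sslPort must be an integer between 1 and 65535');
    }
    // hostname excludes the HTTP port; append the SSL port only when it is not 443
    var authority = loc.hostname + (port === 443 ? '' : ':' + port);
    return 'https://' + authority + loc.pathname + loc.search + (loc.hash || '');
}

if (typeof window !== 'undefined' && window.location) {
    // In the browser: replace() keeps the HTTP URL out of the history,
    // so the Back button does not land on the error page again.
    var target = buildHttpsUrl(window.location, 443);
    if (target) {
        window.location.replace(target);
    }
} else {
    // Outside a browser (for example Node): demo with a constructed URL.
    console.log(buildHttpsUrl(
        new URL('http://portal.example.com:8080/Pages/home.aspx?ID=5#top'), 443));
}
```

Place the function and the browser branch inside the script block of redirectssl.htm, and set the second argument to the SSL port bound to the site.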
IIS redirect (Alternative SSL redirect option)
Another way to redirect to SSL is to use what's natively built into IIS. I am not an expert on this solution but it looks promising as well depending on your specific needs. If you go into an IIS site and go to the Home Tab, you’ll see the option for “a redirection to a URL” and then the “Redirect to:” field lets you specify where to redirect to. IIS has a redirect syntax that you can use to redirect users to a site and can then force SSL as well.
IIS Redirect Syntax
Issues with Search
Forcing SSL tends to cause issues with the search crawler if not corrected. Go into search settings and make sure that your crawler settings are pointing to HTTPS and not HTTP anymore. SPS3 / SPS3S
Good link that walks through at a low level what happens behind the scenes over the wire for HTTPS