If your site is available under both http and https (i.e. if you put the certificate at the ROOT level of the site for whatever reason) then be aware that Google will index this site under both protocols.  From what I can see a fair amount of SEOs think that this will impose the duplicate content penalty, although personally I can't see it affecting your ranking too much.


The main thing you have to worry about is what happens when the user requests your page under https.  In IE, by default they may receive the "secure and non-secure content" warning, if there are any resources being requested explicitly over http.  The other is that the site will run slower, and resources won't be cached.

There are a number of solutions to this problem, and if you don't want to move your site certificate about then you can always use an ISAPI filter to intercept the requests and redirect them at IIS level.

We found IIRF, available at http://iirf.codeplex.com/ which worked straight out the box.  Note:  Although it claims to have an install you will have to do this manually, but it's really straightforward and the help is comprehensive.

In order to do the redirect above, put the following into your .ini file (which you place in the root of the site) :

# Iirf.ini
#
# ini file for IIRF
#

RewriteLogLevel 1
RewriteLog F:\Inetpub\wwwroot\website\IIRF
RewriteEngine ON
StatusInquiry ON
IterationLimit 5

RedirectRule ^/secure/(.*) https://mysite.co.uk/secure/$1 [R=301]
RewriteCond %{HTTPS} on
RedirectRule ^/(.*)$ http://mysite.co.uk/$1 [R=301]

Check the help file for instructions on this language.