In a nutshell:
- Obtain and install an SSL certificate, so you can use https: wherever you need/want to.
- Update the two configure.php files to show SSL in use, and https: instead of http:, per instructions. There may be other stuff (such as changes to cookie paths); I haven't looked at it in detail.
- In .htaccess, add rewrites to change any incoming http: to https: (existing http: customer bookmarks and search engine entries).
- Watch your banner ads, etc. to make sure they're using https: instead of http: (avoid non-SSL content on an SSL page errors).
- Keep apprised of updates to osC, such as using secure paths for cookies, etc. (recently discussed).
There's a fair amount of labor to convert over cleanly to SSL, but once it's done, there's no additional work (except for checking that any new add-ons, banner ads, etc. don't have http: hard coded).