Maybe I don't get the question, but as far as I know,

can only be installed on the root of a domain

This is false, or misunderstood, anyway. What it may mean is you can't secure domain/folder by itself, you have to secure domain, and then of course, domain/folder is indeed secured by the cert.

could i just 301 that...

Correct, but you'd have to do it via .htaccess for static files (you can use Javascript, but it's less reliable.) If you're doing any scripting, add to the top of your scripts

if (! isset($_SERVER['HTTPS']) or (isset($_SERVER['HTTPS']) and ! ($_SERVER['HTTPS']=='on'))) {
header("HTTP/1.1 301 Moved Permanently");
header("https://example.com");
}

although I have some servers return the wrong headers with the words "Moved Permanently" so it may just need

header("HTTP/1.1 301");

Thanks rocknbil. Just to make sure I understand correctly.

1. Install SSL on root of domain.
2. Htaccess redirect pages I want to show https

I just want to make sure the rest of my website will still show http URL's and it won't cause any SEO problems.

Sure, they shouldn't. A couple tips . . .

If you always use this approach when linking to images, css, javascript, or other files,

<img src="/images/file.jpg">

It doesn't matter whether you request the page via https or not, you will never get the "unsecure items" warning. The leading slash means "start from domain root" and it doesn't matter whether that's over https or not, the browser resolves it properly.

This means the only time you need to use the full URL is when going TO or FROM secure pages. This is also true in your CSS and Javascript and "uncomplicates" a lot of things, like having a css file in /css and images in /images.

#some-selector { background:url(/images/some-background.jpg); }

So in **any** file, in **any** directory, secure or not, you can do

<link rel="stylesheet" type="text/css" href="/css/style.css">

and wherever this file is, even

/six/or/seven/directories/deep/file.html

it will always find the css at

/css/style.css

The one downside to the leading slash approach is that the files won't work when offline (your computer is not a web server and doesn't have a "domain root.")

There's one complication to be aware of, and hope it doesn't lose you. You can ignore all of the below if it does. :-)

Many domain packages contain a domain manager control panel, and you may or may not see an option to "house all SSL content in a single directory" (or similar.) With this you will often find the folders httpdocs and httpsdocs at the account root. "httpdocs" is normally your domain root, that is, anything in httpdocs will be found via browser at example.com/.

With "house all SSL content in a single directory" enabled, you will only be able to serve secure documents from the httpsdocs directory. Most of the time, you'd leave it unchecked, so you can control "anything" in httpdocs as secure or non-secure without having to duplicate things.

Example: with all SSL restricted to a specific directory, if you wanted "file.html" to be secure you'd have to put it in httpsdocs. The problem, images are in httpdocs/images, so now you have to have a copy of the images directory in httpsdocs so you don't get the "insecure items" warning. Keeping this option off will simplify things quite a bit as anything in your httpdocs directory can be secure or not, as you need it to be.

There are other setups that are similar, for example, domain.com is in /public_html and if "house all secure content in a single directory" is enabled, the secure directory might be parallel to public_html or actually inside it.

Thanks for all the help rocknibl I appreciate it. I usually have someone set my servers up for me but I figured it was time I start to learn this stuff :)