You definitely need an ssl certificate in place before using htaccess to do the redirect but it’s the browser that sees the certificate. The htaccess file just does a 301, permanent redirect from http to https.
Yeah, I just went through that with my website. The script has a feature in the ACP to set it as HTTPS but it didn’t work right and I had to go play with the .htaccess file to make it a permanent redirect.