One one of our sites, we're redirecting everything to a sub-folder. We noticed that on our ssl pages that the padlock blips and is then gone. From my reading, others have mentioned that it's related to the 301 and images are preceived to be non-https. In this scenario and in the cases I read about, IE doesn't display any security warning windows.
Is there something additionally that needs to be done to address the images? If I shut off image display in IE, the padlock displays correctly. All our images references appear to be relative and within subfolders of the folder we're redirecting to.
Use an internal URL-to-filepath rewrite, not a external URL-to-URL client redirect. In this way, the incoming requested URLs will be "mapped" or "pointed" to a non-default location in the filesystem (your subdirectory), with the client (e.g browser or search robot) remaining completely oblivious to this fact.
The basic problem appears to be that you've 'mixed up' URLs with filepaths; They don't necessarily have to be related. In so doing you've thrown a client redirect into the mix, which is unnecessary, slows down your users' transactions, puts double-entries in your server logs (screws up your stats), and may be the cause of this SSL problem. Like many technical misunderstandings or errors, little errors in server configuration can cause *big* problems.