Also, if you want to make it real easy on your users, disable the requirement for HTTPS for the root of the site, but make sure it is required on the virtual directory. Then people don't have to ...