When you are on a page that is served up via the https any items on the page like images that do not come from https will give the user a warning. The way to fix this is to ensure that you have all of the attributes match the protocol that is used to access the pages. So on pages in your site that are served up via https you would want to ensure that the source for any images or other content also have the https in them.
If you want to send your user back to the regular http version of a page like on the checkout success page you can just set the redirect to be like that. On the confirm page where you are setting the checkout success page just use the full address like this:
There are also ways this can be done directly within the php code to redirect the user back to the version of the page you would like them to see. If you are interested in this method let me know and I can show you an example.