The multiple versions of the checkout behavior may happen for a few reasons, most likely is applying the Display manger to the page multiple times, but not removing the code above the doctype when deleting the code from the body.
Yes, pointing to the SSL directory on the checkout action will cause each page after to be in the secure ssl.