In IE7 my web site always causes the browser to prompt a "Security Information" dialogue box:
This page contains both secure and non-secure items.
Do you want to display the non-secure items?
How can I avoid getting this message when traveling between non-secure and secure pages (HTTP to HTTPS)?
You need to make sure all your images, script files, CSS files and so on have HTTPS urls if you're on a secure page.
If you view-source and search for "http:" this will soon tell which one (or more) is wrong.
Example:
<script src="script.js" type="text/javascript"></script> - Correct
<script src="https://ssl.google.com/ga.js" type="text/javascript"></script> - Correct
<script src="http://www.google.com/ga.js" type="text/javascript"></script> - Wrong
You should make sure that you haven't included http:// explicitly anywhere in your code. If you did then that message will be displayed.
There is also an option in IE to toggle this message when moving from HTTP to HTTPS pages. In IE7, it's on the advanced tab, second checkbox from the bottom.
There is also a 'Display mixed content' option in IE7, security tab, custom level.
Set it to Enabled for the site level you're accessing the site as.
RoBorg has it dead on. However, it can be tricky sometimes to track down the specific page or item causing the problem. Often it is a broken link that redirects to the "404-page not found" page.
A trick I like to use is to hit the page and answer in the affirmative on the prompt then look at the IIS log entries generated for any rows with an 80 in the port column instead of 443.
Lord how I hate IE...if only we could all invocie M$ direct for the amount of time BURNED trying to keep not only their browser happy and (silent) but client happy, and, ultiamtely, silent also.
May FireFox reign hell down apon thee.