There is no easy way to redirect users to a ssl-enabled page to enter the credentials. SetEnvIf HTTPS ^on$ ssl Allow from env=ssl + mod_rewrite rules + auth with satisfy any would solve this problem.
This is possible in trunk with SetEnvIfExpr
fixed in 2.4.1