Domain mapping - redirecting to original domain for login - problems

BTW: I am referring to my sites-dev.ucsc.edu multisite install which I don't see in the list.
This is a subdomain install. The site in question is leslieg.sites-dev.ucsc.edu. The site has a mapped domain of faculty-dev.ucsc.edu.

My goal is have folks always log in to the original domain because I have a wildcard ssl cert for sites-dev.ucsc.edu but not one for ucsc.edu and can't have a new ssl cert for every time someone wants a new cname.

I have domain mapping set up to use the original domain for both administration and login. I have cross-domain auto login set to yes.

faculty-dev.ucsc.edu is currently a mapped domain to leslieg.sites-dev.ucsc.edu. I thought that faculty-dev.ucsc.edu/wp-admin would redirect to leslieg.sites-dev.ucsc.edu/wp-admin. It DOES eventually get there but attempts to get to https://faculty-dev.ucsc.edu/wp-admin first and therefore I'm getting an ssl warning. If I ignore the warning, it redirects to the original domain.

two questions:

1. Am I doing something wrong?

2. Do you know what the syntax is to create a relative link that brings up the original domain rather than the mapped one? I notice that the meta widget login URL is to the original domain rather than the mapped one...so there must be a way to write the relative link that way, no?

I would like to put a relative link in the footer of all my sites to the login page and want it to be relative to the subdomain.