Password reset in Multisite a bit clumsy

I have Pro Sites working fairly well, but I wanted to test how it would perform if a client needed to reset their password. Unfortunately, the password reset email that the client receives, directs them to the main site login page, which is https. Once they've established a new password they see a message that they are on the wrong page with a link to their dashboard. When they click the link to their dashboard, they get a security warning, because the SSL doesn't cover the subdomains and they are still being directed to https instead of http. It all just seems a bit messy.

(That's the good news. The bad news is if I activate my Wordfence Security plugin, the client gets completely locked out of the site when trying to reset their password. I have it deactivated for now.)

Am I missing a setting somewhere? I'd love for the entire password reset process to take place directly on their subdomain.

As an FYI, I did try the "Log In Message" plugin, but it doesn't seem an ideal solution and the message that they are not permitted to reset their password doesn't come up until after they've gone to the work of entering their email address. I'm foreseeing irritated customers at this point.

Got any suggestions that might help me out? :o)