Not sure how to best write the following rules:
Try adding the following to your htaccess file in the root folder of your domain.
RewriteEngine on
RewriteBase /
#Non-secure requests to secure.domain.com should redirect to https://secure.domain.com
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^secure\.domain\.com$ [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#All secure (HTTPS) traffic should redirect to https://secure.domain.com
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^secure\.domain\.com$ [NC]
RewriteRule .* https://secure.domain.com%{REQUEST_URI} [L,R=301]
#All other non-secure requests should go to http://www.domain.com
#Lastly, all non-www requests should redirect to www, except the "secure" subdomain.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
RewriteRule .* http://www.domain.com%{REQUEST_URI} [L,R=301]
