Browsers enforce a security model where if the html site (e.g. the Portal page) is being loaded via https and resources in the html are referenced via http the browser will deny loading them with a message of mixed content.
WebSphere Application Server and WebSphere Portal are typically deployed in a three tier model where a load balancer sits in front of a web server with the IBM plugin and behind it is a cluster or farm of WebSphere Portal/WebSphere Application Server nodes.
In some scenarios the SSL connection is terminated at the proxy level and the remaining connection happens via http.
When generating absolute links - e.g. to an image or css file from the Portal web site the code generating the URL has to know that the URL was accessed via https even though the request arrived at the WebSphere Portal/WebSphere Application Server via http.
This is typically handled via a header that is passed from the load balancer to the underlying layers.
In case that does not happen (I recently experienced this with Amazon Web Services Load Balancer) one can configure a custom header that could be passed in or as a workaround configure a common header to force WebSphere to leverage https for absolute links when generating the html.
The property is described here: https://www-01.ibm.com/support/docview.wss?uid=swg21221253
Ideally a custom header can be configured to be send from the load balancer.
If that is not possible or for a short term workaround one could configure for example to force https to use the usually present header Accept-Language.