you'll need to use the ssl daughtercard anyway.
The reason is that the traffic is encrypted as soon as the client uses https:// as the url.
So, to send a redirect response, you need to encrypt it since this is what the client expect and the encryption can only be done by the daughtercard.
Gilles.