How can I serve all resources under HTTPS instead of HTTP without changing their URLs in the HTML code
You need to drop the 'http:' prefix from all image (and any other) links on your site. When you do so, your browser will default to whatever protocol the page loads with. For example this is best:
<a href="//www.example.com/">
And this is not:
<a href="http://www.example.com/">
The top example is perfectly valid markup and you will load all your resources over an HTTPS connection with the rewrite you already use. Start using it for all links as it works with both HTTP and HTTPS, so you won't ever have this issue again if you enable or disable SSL.
The only consideration is if you are using a CDN or other third-party hosted content on your site. If you are, the above advice will only work if they make their resources available over HTTPS also.
Once you do this, your EV (Extended validation) certificate will work as you are expecting and you should see all resources on the page load over a secure connection.
As a quick fix, you can ask the web browser to rewrite all your HTTP URLs as HTTPS by sending the Content-Security-Policy: upgrade-insecure-requests;
header or <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
meta tag with every page.
This is not meant to be used as a permanent solution, but as as a transition tool until you can get all your URLs converted to https
.