don't under estimate how deep you may need to go to get this working. I have now got this working but it has taken much frustration on my part. I've exhausted the knowledge of a hired expert and drawn blanks from the posts and responses on the forum. All of the help I have appreciated.
In the end I asked the tech support people at my hosting provider if they would have a look even though they normally drawn the line at "fixing website issues" and we do now have a working system.
Bear in mind that on the same hosting package, I have 2 Opencart installations running, both 1.5.x. One has an SSL on the primary domain and the other does not. The installation without the SSL supports multistore without any trouble at all.
The other one, our main installation, does have SSL certificate on the primary and has been the one that has been a right "cow". Every additional domain now needs an SSL, we are currently testing with a free self-signed certificate.
Our hosting is on a proper PCI DSS compliant server and it is the additional security in place via modsecurity, once an SSL is installed, that has caused our issues. It has been resolved by changes to .htaccess but also to modsecurity rule settings. Some hosts that do not specifically list their servers as PCIDSS compliant, turn off all the modsecurity rules so that everything runs without issue, but at the expense of security. Tech Support at our host has modified the necessary rules to allow multistore to run, whilst not significantly reducing server security on our primary Opencart directory.
Tech Support have already advised that they will need to make further changes when we add further multistore domains.
http://www.modsecurity.org/
modsecurity can normally be accessed via cPanel, but please do not ask me how to configure it, I have no idea. I'm not even sure whether it is user modifiable or has to be done from the hosting providers side.
It always was our intention to install SSL's on all of our shop domains anyway, so having to have on the secondary domains is not a problem to us. It is now becoming "expected" in the UK that shop sites are secured by SSL especially when customer details are stored. And to be honest, I don't use online shops that don't have them.
So, in a nutshell, if your hosting allows you to set up multistore with a mix of SSL and non-SSL domains without any hassle, you need to check the server is actually PCI DSS compliant!