We had same issue. Certifcate Binding (SSL Handshake) first and then URL Rewrite Module.
This post clarified for me: Redirect to 'www' before ssl requirement
Instead of getting another certificate for https://mydomain.com we requested to get Subject Alternative Name in the https://www.mydomain.com certificate.
You can look at how SAN works http://www.digicert.com/subject-alternative-name.htm