Redirect to ‘www’ before ssl requirement

HTTPS is HTTP over TLS/SSL (see RFC 2818): the SSL/TLS connection is established first, before any HTTP traffic is sent. Any redirection (via mod_rewrite, custom PHP code or otherwise) will therefore always apply after the SSL/TLS connection is established.

Redirecting any earlier would actually be a security issue, since an attacker could rewrite and redirect the client before the certificate has been verified.

If you want to redirect from https://domain.com to https://www.domain.com, the certificate obtained for https://domain.com must be valid for domain.com (and then, the certificate obtained for https://www.domain.com must be valid for www.domain.com).

(You could use two different certificates with Server Name Indication if the two hosts are served on the same IP address, but this is rather convoluted.)

The easiest option is to obtain a certificate that's valid for both domain.com and www.domain.com. This can be done using a single certificate with multiple Subject Alternative Name entries. Most CAs should be able to issue such certificates, and some do so at no additional fee.
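To check which of the two names a given certificate actually covers before relying on the redirect, the following added example (not part of the original answer) matches hostnames against a certificate's Subject Alternative Name entries. The function names and sample certificates are constructed for illustration; the dict layout is the one Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Added example: find hostnames that a certificate's SAN list does not cover.
# Only DNS subjectAltName entries are considered; the subject CN is ignored.


def dns_name_matches(pattern, host):
    """Match one SAN DNS entry against a hostname.

    A wildcard is honoured only as the whole leftmost label and stands for
    exactly one label, so *.domain.com does not cover the bare domain.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Conservative choice in this example: reject wildcards such as *.com.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(cert, hosts):
    """Return the hosts for which the certificate has no matching SAN entry."""
    san = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [h for h in hosts if not any(dns_name_matches(p, h) for p in san)]


# Both names must validate: the client verifies domain.com before it ever
# sees the redirect, then verifies www.domain.com on the second connection.
HOSTS = ["domain.com", "www.domain.com"]

# Constructed sample certificates (SAN field only).
WWW_ONLY = {"subjectAltName": (("DNS", "www.domain.com"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.domain.com"),)}
BOTH = {"subjectAltName": (("DNS", "domain.com"), ("DNS", "www.domain.com"))}

if __name__ == "__main__":
    for label, cert in (("www only", WWW_ONLY), ("wildcard", WILDCARD), ("both", BOTH)):
        missing = uncovered_hosts(cert, HOSTS)
        print(f"{label}: {'OK' if not missing else 'not valid for ' + ', '.join(missing)}")
```

A certificate with only a wildcard entry fails for the bare domain in the same way as one issued for www alone, so the redirect from https://domain.com would trigger a certificate warning before it is ever delivered.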
