If you want the user to be able to view your site by visiting https://username.domain.com and browse under that same domain (meaning they'll always be making requests to https://username.domain.com), then you're going to need a wildcard SSL certificate. If you just have an SSL certificate installed for domain.com, then the request will not have the chance to get rewritten by your server. The browser will throw a security exception first, since the domain on the certificate does not match the domain being viewed.
If you don't mind having your users browse your site at https://domain.com?user=username, then you could have them first visit http://username.domain.com and then redirect them to https://domain.com?user=username. Then all secure browsing would have to take place under https://domain.com, and that would eliminate the need for a wildcard certificate.
When you go to purchase your SSL certificate, I would recommend asking for tech support and running your scenario by them. I've found DigiCert to be very helpful in this regard (and no, I do not have any affiliation with them other than being a customer), but I'm fairly certain they will confirm that you need a wildcard certificate.
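The hostname check behind the mismatch described above, as an added example that is not part of the original answer: a simplified version of the wildcard matching browsers apply to a certificate's DNS names, where `*` covers exactly one left-most label. The function names and the sample hostnames and certificate name lists are constructed for illustration.

```python
# Added example: simplified browser-style hostname check for certificate
# DNS names. Real clients read the names from the certificate's
# subjectAltName; here they are passed in as plain lists (constructed data).

def name_matches(hostname: str, pattern: str) -> bool:
    """Return True if a single certificate DNS name covers the hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must agree.
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Require at least *.domain.tld and a non-empty label under the wildcard.
        if len(pat) < 3 or host[0] == "":
            return False
        return host[1:] == pat[1:]
    # Wildcards anywhere else (a.*.com, *a.domain.com) are rejected here.
    if "*" in pattern:
        return False
    return host == pat


def cert_covers(hostname: str, cert_names: list[str]) -> bool:
    """Return True if any DNS name on the certificate covers the hostname."""
    return any(name_matches(hostname, name) for name in cert_names)


def audit(hostnames: list[str], cert_names: list[str]) -> dict[str, bool]:
    """Map each hostname you plan to serve to whether the certificate covers it."""
    return {h: cert_covers(h, cert_names) for h in hostnames}


if __name__ == "__main__":
    planned = ["domain.com", "username.domain.com", "a.username.domain.com"]
    for names in (["domain.com"], ["*.domain.com"], ["*.domain.com", "domain.com"]):
        print(names, audit(planned, names))
```

A wildcard name does not cover the bare domain or deeper subdomains, so a certificate meant to serve both https://domain.com and https://username.domain.com needs both `domain.com` and `*.domain.com` listed.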