I've created a self-signed certificate via openssl for *.mydomain.com, and it works e.g. for www.mydomain.com. However, when I go to mydomain.com directly in Chrome, I get an error (You are attempting to reach mydomain.com, but instead you actually reached a server identifying itself as *.mydomain.com).
Should the *. certificate cover the main domain as well? What should I do to resolve?
Use a Subject Alternative Name in the SSL cert to cover the non-subdomain name (mydomain.com). For an example see http://therowes.net/~greg/2008/01/08/creating-a-certificate-with-multiple-hostnames/.
I'm not sure why Jan's answer got downvoted, as it correctly diagnoses the problem, even if it doesn't give a fix.
You would need to get a cert that supports multiple domains.
*.mydomain.com does not cover mydomain.com as it will only cover subdomains of mydomain.com, e.g. anythinghere.mydomain.com.
You could always redirect users who go to mydomain.com to www.mydomain.com and then the cert will work.
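The Subject Alternative Name fix suggested in the answers, as an added example that is not part of the original posts: it builds one self-signed certificate listing only the wildcard and one listing both names, then uses OpenSSL's own hostname check to show which names each covers. The config layout, file names and the `make_cert`/`covers` helper names are assumptions for illustration; mydomain.com is the placeholder from the question.

```bash
#!/bin/sh
# Added example. Both names go in subjectAltName because current browsers
# match hostnames against the SAN list only and ignore the subject CN.

# make_cert <outdir> <comma-separated SAN list>
# Writes san.cnf, key.pem and cert.pem into <outdir>.
make_cert() {
    local dir=$1 san=$2
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3
prompt             = no
[dn]
CN = *.mydomain.com
[v3]
subjectAltName   = $san
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/san.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# covers <cert.pem> <hostname>
# Succeeds only if OpenSSL's hostname check accepts <hostname> for the cert.
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Demo: the wildcard-only certificate versus the wildcard plus bare domain.
tmp=$(mktemp -d)
mkdir "$tmp/wild" "$tmp/both"
make_cert "$tmp/wild" 'DNS:*.mydomain.com'
make_cert "$tmp/both" 'DNS:mydomain.com,DNS:*.mydomain.com'
for c in wild both; do
    for h in mydomain.com www.mydomain.com; do
        if covers "$tmp/$c/cert.pem" "$h"; then r='covered'; else r='NOT covered'; fi
        echo "$c certificate, $h: $r"
    done
done
rm -rf "$tmp"
```

The `-nodes` flag leaves the private key unencrypted on disk, so restrict `key.pem` to the web server's account.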