Have Foreman's Web Front-End answer multiple domains + SSL Certs

So I dug around and can find how to do this for the smart proxy connections, but not the web front-end. So where is the scenario.

A design team requires all Linux servers to be build in an domain managed by AD DNS, but they don’t like the longer names or using host names, so they create aliases in an entirely different domain. The Foreman server needs to respond to both domains via the web GUI. I can get an Apache server doing this easily, but Foreman on wants to deal with a single SSL certificate. While not explicitly given as a requirement, it is expected that Foreman will also have to handle Puppet Agents connecting in using both names/domains as well.

Has anyone addressed this or something similar. The docs cover multiple CAs and multiple AD domains, but this is on AD domain and a non-ad domain.

Scenario:
foreman-puppet.example.net --> AD managed DNS Domain
puppet.example.com -> Second Domain

Assume a multi-domain CA cert is purchased to handle both host names.

Puppet will have servers from example.com and example.net, which works in the current setup today.

Foreman will have to answer requests to https://foreman-puppet.example.net and https://puppet.example.com without redirecting the other site on the different domain.

Thanks!