Cloud Access Manager certificates are stored centrally in the CAM Database and pushed out to all proxys from there, and so a single certificate serves all proxys.
We generally recommend deployment of a wildcard certificate to cover all proxied URLs (e.g. *.webapps.cam.com) but if you have FQDNs that do not share the same domain name then you can use a single Subject Alternative Name (SAN) Certificate to secure them all. The only drawback is every time you add a new proxy URL you will need to replace the certificate to add the new FQDN since it will not be wildcarded, so some forward planning is required when obtaining the certificate.
It's possible that some signing authorities may now support the use of wildcards in SAN certificates, check with your provider before proceeding.