Yes, You can use SSL with WSUS and use a multi-domain or even a NO DOMAIN strategy.
The SSL Certificate must be trusted by each of the clients. WSUS itself doesn't care what domain the computer belongs to, or even if it is part of a domain (Workgroup environment).
As long as the client systems TRUST the SSL Certificate, the computers will be added to WSUS and will work.
You have 2 choices
- A PUBLIC SSL Certificate, which is trusted by every client and it will 'just work' if you do it this way, but you must use a public SSL certificate either at a cost or free with Let's Encrypt.
- A privately generated SSL Certificate - either self-generated or from an Internal CA. In this case you MUST install the ROOT CERTIFICATE (or self-signed certificate) into the client BEFORE the client will be able to communicate with the WSUS Server. Normally this is done through GPO on a domain because it's easier, but can also be done ad-hoc (especially for workgroup systems) by importing the certificate into the trusted root certificate stores.
https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-7-ssl-setup-for-wsus-and-why-you-should-care/
https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/