In case someone else has the same problem, here is how we got around those certificate errors.
When requesting the webserver certificate we added some SANs (Subject Alternative Name) to the CSR. We added the server name, the FQDN and the IP.
Here is an example of the attribute string:
SAN:DNS=server1.mydomain.local&DNS=server1&DNS=192.168.1.11
With this we ar able to connect to
https://server1:1311
and
without any certificate problems.
And the link within the OME works, too.