Hi Martin,
If you are using the web adaptor, you will not specify port 7443 in the URL. The certificate should be issued to the web server that the web adaptor is installed on.
In the case where the web server has a DNS alias. For example, the server name of the web server may be: arcportal.esri.com
But, the DNS alias is: gis.maps.com
The certificate should be issued to gis.maps.com, as that is the URL the users will be accessing portal from. I usually recommend having the server name (i.e. arcportal.esri.com) included as a Subject Alternative Name in the certificate.