Hi Jon
Regarding #1, if a vCenter component connects to the Inventory Service using hostname.domain.com, but you only setup dnsalias.domain.com in the commonName / subjectAltNames of the certificate, then hostname.domain.com will not match any identity within the certificate and the connection will not be considered 'verified'. So either:
1) Use the hostname that was confirmed when you installed IS (One of the steps was to confirm the local system name - it should have been an FQDN).
2) Add hostname.domain.com to commonName and subjectAltName, but also add dnsalias.domain.com to subjectAltName so that you are covered for all possibilities.
Regarding #2, this line is not relevant to processing the cert and is informational only. It can stay as is, or other examples that you could use for OU might be: IT, IT Operations, MIS, etc.
Cheers
Mark