This is not only possible. This is an absolutly recommended practice. More or less a MUST.

define a CName in DNS which is populated to the whole company.

e.g.:
ip1    hostname1.intranet.net   jazz1.company.com

Use this new alias as your stable URI. Order a official WEB certificate for usage on the Webserver SSL port.

Use a reverse proxy bteween your Webfrontendserver and your application server to redirect the HTTPS standard port (443) to the application port (e.g. 9443)

Between the IHS plugin and the WAS you can use the selfsigned certificate. There you don't need an official one. You can extend the lifetime of the selfsigned certuificate up to 15 years, on this internal link. But it has to be https, also on a single host.

e.g.
client -->> https://jazz1.company.com/contextroot on IHS port 443 -->> IHS plugin -->> https://hostname1.intranet.net:9443/contextroot on WAS port 9443

Do exactly the same for your DB server. also if the DB server is on the same machine as the applicaation server.

e.g.:
ip1    hostname1.intranet.net   jazz1.company.com   db1.jazz.company.com

    or

ip1   hostname1.intranet.net   jazz1.company.com
ip2   hostname2.intranet.net   db1.jazz.company.com

Do all DB calls with help of this Alias.