LDAPS Switchover - Basics


Hey folks.

I'm just about to try and tackle the switchover to LDAPS on our Jamf on-prem instance, and getting myself a little confused in the process. These may be basic questions, apologies if so!

Our current setup is thus:
- Two Jamf servers (one front-end, one database), both running Ubuntu 18.04
- LDAP connectivity currently set up in Jamf and functional for logins, groups, etc
- All our Macs are bound to AD via a policy that uses the "Directory Binding" payload, and our users all log in with AD credentials
- Our DCs are currently set up with LDAPS enabled (tested via ldp.exe)

To progress the switchover I'm following this guide here.

We're currently on step 3 (as our domain is still a .local), and our AD admin has asked if we can do this via self-signed cert instead of exporting the root certificate (following something similar to this guide).

Does anybody have any experience as to whether using a self-signed cert generated from a DC like this would be ok? I believe it'll generate a .pfx file, but I can split that up to get the relevant files to import into an Ubuntu keystore?

Providing I can actually get it to the point where that's imported ok, and I can edit my LDAP connection to use SSL and connect to AD in Jamf, is there anything else I need to consider for existing AD-joined Macs, or new ones coming online and using the Jamf Directory Binding payload?

Thanks in advance for any tips!
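For the "split the .pfx" part of the question, the script below is an added example written for this thread; it is not code from the original post, from Jamf, or from either linked guide. It builds a constructed stand-in .pfx (a self-signed cert for a made-up DC hostname) so it can run offline, then extracts just the certificate with `openssl pkcs12`, checks that the cert's SAN actually carries the hostname Jamf will be configured to connect to, and shows the `keytool` import into the JVM trust store Tomcat reads on an Ubuntu Jamf Pro host. The hostname `dc01.corp.local`, the passwords, the keystore path `/etc/ssl/certs/java/cacerts` and the alias name are all assumptions; substitute the real values and skip the stub generation when you have the DC admin's export.

```shell
#!/bin/sh
# Added example for the LDAPS switchover question above: split a DC-exported .pfx
# into PEM, verify it, and import it into the Java keystore Jamf Pro's Tomcat uses.
# Assumed values (not from the post): DC_HOST, PFX_PASS, the keystore path and alias.
set -eu

WORK="${WORK:-$(mktemp -d)}"
PFX_PASS="${PFX_PASS:-changeit}"       # password the AD admin set when exporting the .pfx
DC_HOST="${DC_HOST:-dc01.corp.local}"  # hostname Jamf will put in the LDAP server field

# Constructed stand-in for the DC's self-signed certificate so the script runs offline.
# In production, skip this function and use the .pfx the AD admin hands over.
make_stub_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$DC_HOST" -addext "subjectAltName=DNS:$DC_HOST" \
        -keyout "$WORK/stub.key" -out "$WORK/stub.crt" 2>/dev/null
    openssl pkcs12 -export -in "$WORK/stub.crt" -inkey "$WORK/stub.key" \
        -out "$WORK/dc.pfx" -passout "pass:$PFX_PASS"
    echo "$WORK/dc.pfx"
}

# Pull only the certificate out of the .pfx (-nokeys): Jamf needs to trust the DC's
# cert, it never needs the DC's private key, so don't copy that onto the Jamf host.
split_pfx() {
    pfx="$1"; out="$2"
    openssl pkcs12 -in "$pfx" -passin "pass:$PFX_PASS" -nokeys -clcerts -out "$out" 2>/dev/null
    # The TLS handshake fails unless the SAN matches the hostname Jamf connects to,
    # which matters for a .local domain where the DC's name and the cert can drift apart.
    openssl x509 -in "$out" -noout -text | grep -q "DNS:$DC_HOST"
    echo "$out"
}

# Count certificates in a PEM file (used to confirm the split produced exactly one).
cert_count() {
    grep -c 'BEGIN CERTIFICATE' "$1"
}

# Import into the JVM trust store Tomcat uses. Keystore path, password and alias are
# assumptions for a stock Ubuntu JRE; adjust to the JVM your Jamf install actually runs.
import_to_keystore() {
    crt="$1"; ks="${2:-/etc/ssl/certs/java/cacerts}"
    keytool -importcert -noprompt -trustcacerts -alias "ldaps-$DC_HOST" \
        -file "$crt" -keystore "$ks" -storepass changeit
}

# Live check once the Jamf host can reach the DC: the handshake must verify against
# the extracted cert alone, which is exactly what Jamf's SSL LDAP connection will do.
check_ldaps() {
    echo | openssl s_client -connect "$DC_HOST:636" -CAfile "$1" -verify_return_error \
        >/dev/null 2>&1
}

PFX=$(make_stub_pfx)
CERT=$(split_pfx "$PFX" "$WORK/dc-ldaps.pem")
echo "extracted certificate: $CERT"
```

Run `check_ldaps "$CERT"` from the Jamf server before changing the LDAP connection to SSL; if it fails, the usual causes are the SAN not matching the hostname in the LDAP server field or port 636 being filtered, and fixing those first avoids locking AD users out of the Jamf console. Because a self-signed cert has no issuer to rotate under, note its expiry date: when the DC renews it, the new cert has to be re-imported with the same steps or LDAP logins stop. Existing bound Macs are not affected by this change; the Directory Binding payload talks to AD directly and does not use the Jamf-to-LDAP connection.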