If your SSL was Self Signed it would work for DEP or other means of enrolling into MDM as mdm requires a signed
If the SSL certificate is created and signed by the JSS Certificate Authority it does work for MDM as long as trust is established to the built in Certificate Authority (an untrusted issuer) which it does with the Anchor certificate in the DEP prestage or during enrollment as long as you dont have the checkbox enabled for Settings>Global Management>User Initiated Enrollment>General>"Skip certificate installation during enrollment".
Some of the cert differences are listed here: https://www.jamf.com/blog/enhancements-to-certificate-security-for-mdm-enrollment/
@Brad_G is correct that you will see the 'Approve' button on 10.13+ for the MDM profile if it was enrolled via any means other than DEP at this time but the MDM is still there and works for deploying profiles regardless if its approved or not. As @jmahlman stated, nothing in High Sierra around User Approved MDM should stop config profiles from coming out until Apple enforces UAKEL till Spring 2018 per https://support.apple.com/en-us/HT208019.
While on the computer that was just upgraded and not wiped to go through DEP, if you run sudo jamf mdm -verbose, what does it show? Are you seeing the MDM profile come down but not other configuration profiles?
