Hi, I have been an expert in this field for the past 15 years. I have worked on various mega projects in cyber security/systems and networks. I think I can help you with your current requirements. Please accept my proposal.
It's an easy task; all you need is to export the remote machine's certificate (no private key needed) and create a GPO that disperses the self-signed certificate from the remote machine to the local machine.
I have 19 years of experience in the IT industry and 13 years of experience in Windows Server administration, installing various Windows Server versions (Windows Server 2003/2008/2012/2016).