No Cisco Collab product support wildcard certs as the server identity certificate; however, that should not be an issue for outbound connections where CUCM is the TLS client attempting to validate a wildcard cert from an external system.
Did you restart DirSync itself? You mention restarting Tomcat but then say “checked DirSync” instead of restarted.
If yes, grab a PCAP from the publisher and see what the TLS handshake looks like. Is the cert chain offered by the LDAP server what you uploaded to Tomcat-trust? Are the CRL and/or OCSP URLs in the certs valid and working, ie HTTP:// vs. LDAP:// (a common mistake when deploying AD CS)?