Bruce,
ACS can genrate self sign certificate but this will only work when client do not validate server certificate. If validation is required in your setup then self sign cert wont help.
If installing cert on each client is feasable then configured not to validate server cert then your current set up will work fine.
Regards,
~JG
Do rate helpful posts