You can use .private but if there is EVER the possibility that this would be used outside your LAN, then I would use a FQDN.
You do not need a commercial certificate. A self-signed will work fine.
The default self-signed has a 1 year expire. If you don't want to deal with updating the cert in a year, I would create a new 5 year cert.
This option is harder to find now with mountain lion.
From the Certificates section in Server, first click the gear and choose 'show all certficates', then hit the + button and choose 'Create a trusted certificate'. You will see a button to override defaults. This allows you to have a different expire date.
You can reset the profile manager data (stored in postgres) with: