Remove unneeded certificates

Looking at your list of Certificates in Server, I would save ALL of those. Two are generated by Open Directory (Issuer is ~IntermediateCA) and one is used by Profile Manager (Code Signing Certificate). The third looks like your properly acquired signed certificate. If anything goes wrong with your signed certificate, and the server falls back to the other certificate, any enrolled devices will correctly recognise it, and you don't have a third party Code Signing certificate, so if you want to sign Profiles from Profile Manager, you'll need that one.

I'd be careful about digging around and deleting things directly from System Keychain. You could delete "Server Fallback SSL Certificate". However, before deleting ANYTHING from System.keychain, I'd recommend creating a new keychain, and COPYING (option-drag) anything you intend on deleting from System.keychain to that new keychain before deleting, and when you're all done, CAREFULLY choose to delete the new Keychain, BUT ONLY DELETE REFERENCES. That removes the keychain from being considered but leaves the files in the Finder (~/Library/Keychains/whatever-you-named-it.keychain). Maybe back up those files before deleting from Keychain Access. Then, if you accidentally deleting anything you shouldn't have, you can get it back.

The other thing you can do, is filter by My Certificates, and then it groups any valid certificates in your keychain with the certificate AND key. Then, when you export that, it creates a .p12, which is pretty easy to restore, and/or break back up into separate certificate and key PEM files. Here's a great openssl resource I've used for such commands: https://www.sslshopper.com/article-most-common-openssl-commands.html.Of course, you don't need to group by My Certificates, but the .p12 files are a nice way to save all the necessary pieces of a certificate.