Hi John,
A few thoughts.
You said you installed the Certificate for your Exchange onto CRM. Did you specifically install it onto the Email Router Machine? Because that is where it needs to go (not the CRM backend machine).
You can in fact turn it off if you want to; however, does your Email Server itself require it? If so, then you can't turn it off, not because technically you can't but because you won't get your email there.
If you have not looked at this already, I would recommend it:
https://technet.microsoft.com/en-us/library/hh699786.aspx
It talks all about the email router configuration.
You should be able to use your * certificate and have it work properly. However... to be honest I haven't seen anyone (that I know of) use that type yet :-)
Cheers