Setting up an SSL certificate on an SBS machine is not hard, and it's in a previous blog.
But there are some additional steps if you also have ISA 2004 on that machine. If you don't make the small, but necessary adjustments you get this error page:
Go into the web listeners in ISA Management and change the certificate that ISA is using
change the TO name in the web listeners (located in the firewall policies for each web publishing rule – SBS OWA web publishing rule, SBS Outlook via the internet web publishing rule, and several others) from publish.domain.local to mail.domain.com
And you also need to create a host file entry that pointed mail.domain.com to the INTERNAL ip, when you ping it normally, it resolves to the external IP.