Here’s a blog entry on some certificate considerations Certificates – who do YOU trust?
If you implement an internal CA to create/manage certificates, your users will get SSL certificate errors on computers that are not members of the domain. This is because the trust path is not “trusted” by computers outside of your organization. So, for OWA a trusted third party certificate is recommended, especially if you plan on synching mobile phones or anything with Exchange.
See this similar question and answers and maybe it will help you with this activity. Let us know if you need further assistance.