There are special multi-server certificates. You will need to get a different kind of certificate for this use. And yes, the certificate will need to be imported on the ISA server.
Actually, looking at the URL you mention (/exchange) you’re dealing with Exchange 2003. The only certificate needed for this version of exchange is the actual IIS certificate. This certificate is requested from for example the first Exchange 2003 OWA server using the IIS admin interface. This request is either processed on your own internal PKI if you have one, or you sent it to an external trusted CA like Verisign or Comodo or any other available out there.
Once you get the certificate back (you have this already) you complete the Cerrtificate request on that same IIS server.
Once you have the certificate installed, you open MMC and in MMC you load the Certificate snap-in and connect to the local computer account.
In the Certificate Management console you see several certificate folders. Open the Personal\Certiicates folder. In there you see the certificate for your URL-cn “owa.domain.com”. Right-click that cert and choose “All Tasks –> Export”. Export the certificate including the private key. On the next screen choose to “include all certificates in the certification path if possible”. You can choose (recommendded) to password protect the exported certificate.
Once you have the exported PFX file, copy that file to your second OWA and your ISA server(s).
Open the MMC on these servers and install that exported certificate into each computer’s local, personal certificate store.
Once installed/imported into the local personal store you can install that certificate in IIS on the second OWA server using the IIS Management Console.
On the ISA Server you can now create a OWA Pulishing rule and create a listener for your OWA requests. On that listener you can choose to require SSL and select the installed certificate.
I hope this helps you to complete your task.