Easy enough, however on the SBS 2003 Premium, running ISA server as the firewall, you also need to update the certificate in the ISA Outlook web publishing rule too. Right-lick on the rule > Properties > Listener > Properties > Preferences > SSL > Select
But the new certificate doesn't appear on the list. Thats because it needs to be in PFX format, which also includes the private key. This comes from the original certificate request. If you try and export that certificate in PFX format its greyed out, because the private key is missing. There's a quick and easy way to fix the certificate, which doesn't involve exporting or trying to recombine the certificate and key with openssl (yes tried all that!)
Look at the new certificate details and find the serial number - should eb something like a 36 character hex number. Now start a CMD prompt and use the command
certutil -repairstore my "serialno"
Then go back to ISA to change the certificate attached to the web publishing rule listener and your new certificate should be on the list.
(I also did a restart of IIS Admin service - not sure whether that was required or not - let me know in the comments below)