Just to bring this up again. Thanks for letting me know where to put the certificate, the clients on the local domain seem happy enough.
My next problem is a certificate for the outside. I have set up a access rule on our cisco firewall so that outside IP address talks to the inside email server. The only problem is, obviously the certificate isnt there. Can i use a self signed certificate if i authorise it in a CA server or will i need to go to someone like thwates and get a certifcate from them? Once i have got a certificate, where do i store it on the exchange server?