I cant remember if this is correct, but I thought one time a Cisco TAC engineer told me I could do the following: (not you Michael, but any help would be great!)
Log into OWA with Firefox
Double click to the Lock i the corner
View the Cert
Save the cert.
Use this CERT to upload to the CUPS server for Exchange access.
If I use Makecert, then the Exchange Admin will have to upload this the Exchange server... (security paranoid) The process will be long and painful to make it go through.