The steps are exactly the same for ISA 2004, but we don't transfer the certificate to the Default Web site. The Default Web site with ISA 2004 has the publishing.company.local certificate assigned to it, and that will need to stay that way. A special note for mobile devices like Nokia E61 (and others for sure, but this device is the one that we could test): some devices really need the Intermediate Certificate Bundle installed, before they will accept the third party certificate. It also happens, that third party vendors are changing their intermediates which will cause errors. So check if your mobile device has the current intermediate certificate installed and if it is up to date. It doesn't hurt however, to always just install the Intermediate Certificate Bundle on the server. Some mobile devices also require that the intermediate certificate is in the .cer format. To obtain that file, follow the steps in this article.