Your steps are fine. You can use the same export and use the same certificate on ISA and Exchange 2003.
There is no impact to your existing environment as long as you do not point your mail.company.com record to your Exchange 2010 CAS.
Before pointing your external mail.company.com record to Exchange 2010 CAS, suggest test all functionalities locally...
Have a look at :
http://ilantz.wordpress.com/2010/03/12/how-to-publish-exchange-2003-and-exchange-2010-with-isa-2006/