First, create a certificate signing request for the IIS server - if you don't know how to do this, google is your friend. MAKE SURE THE COMMON NAME ON THE CERT IS A PUBLIC DNS NAME YOU CAN HIT WITH THE PRE!
Take the CSR, and either sign it with your own key, pay for a real certificate, or use CACert like I did.
If you paid for the certificate, take your new certificate to IIS, and be done with it. Good for you.
If you're cheap like me, and used CACert or your own OpenSSL CA, here's what you do, it's non obvious.
Set up a POP or imap account on your phone, and email yourself the CA certificates as .crt files.
Once this is done, open the .crt files on your pre (YOU CANNOT DO THIS VIA THE WEB BROWSER IT WILL NOT WORK) - open the .crt files by clicking once to download, then clicking again once the progress bar is full. You'll go to the certificate manager.
Click trust certificate, and make sure you can hit the EAS server with https in a web browser. If you can, now try it on the Pre, it should work.