The config for Exchange 2003 (which I presume is what you're using) is as MS describe, but it's not really a big deal. You should already be running OWA over SSL anyway if you've exposed it to the Internet (and if you haven't - why haven't you!?!) I'm also assuming you only have one box that handles both Exchange and OWA - is that true?
The process for enabling password change over OWA seems to be fairly straightforward - one change to the IIS server via the adsutil.vbs script, configuring a virtual directory and then enabling the change password button in OWA.
In terms of changing things - you guys do have a backup don't you?