How to Publish Business Portal SL Site through TMG?

You need a different IP# on the public side of the ISA/TMG for each SSL Certificate unless you are using a Wildcard Certificate of one of the other type of multi-FQDN  Certificates.

Not familiar with BP but it would just be an SSL Site,..TMG does not really care why it is there or what it is used for.

You would install the Certificate on the BP Web Server machine first,...then export the Certificate as a PFX file and save it to the desktop, network location, thumbdrive, whatever.  Get the PFX file on the ISA/TMG and import it in to the Cetificate Store using the Certificates MMC.    In other words,..the same thing you did with OWA.

Publishing it would be just following the Rule Wizard for publishing an SSL Site.  Basically this would be identical to doing it with OWA except that you would not be using Forms Based Authentication,...you would just use Basic Authentication.

We have the static public IPs.  
DNS entries publish for our web domain pointing to the Public IP.  
Firewall forwarding Port 80 and 443 traffic to TMG.
TMG has a wildcard cert for the public web domain.

We are good on that part and publishing out external sites with anonymous access enabled for the landing page (i.e OWA, RDWeb, etc).

BP for SL rides on top of SharePoint and only authenitcated user can access the site.  Where we are stuck is how to configure the TMG rule authentication.  I think it is the authenication settings in the listener I am have trouble with.  

When I test the rule it passes but upon closer inspection I see I am getting http response: 401 Unauthorized.

I need TMG or the site to prompt for credentials opposed to denying access.