Let's Encrypt is a certificate authority that provides certificates for free. (for more info : https://letsencrypt.org/)

If the DMZ will do public key authentication, in the user manager, set the public key path for this 'template' user to be just the three letters in uppercase: DMZ.  This will allow automatic public key verification based on keys configured on the internal server to be validated on the DMZ as well.

[attachments|dmz_publickey.png]

----
!No prefs are stored on the DMZ server.