IIS LAN and WAN separate SSL certificates for the same server
Solution 1:
You can use single public certificate for both, external and internal clients. There is no need to use separate certificate for internal clients. Keep things simple.
Solution 2:
You can't use different certificates for the same website (*). Use a public certificate, internal clients will trust it just fine.
(*) There are workarounds, but they are quite cumberstome and you shouldn't use them unless absolutely required.
Solution 3:
I would agree with the other comments that if a simpler setup works for you, go simple. But to answer your original question, you can have multiple site bindings - you would setup one with the internal IP address and internal certificate, and another with the external/DMZ IP and public certificate. I would also suggest defining a host name per binding and selecting the Require SNI checkbox (not checked below but should be).