If you can point out what doesn't make sense in this documentation i'm sure someone can help you.

page 10 of the install guide for ports on the communication server (see external):

http://docs.blackberry.com/en/admin/deliverables/40315/Universal_Device_Service-Installation_and_Con...

page 9 of feature and tech overview for a diagram of a DMZ install:

http://docs.blackberry.com/en/admin/deliverables/40316/Universal_Device_Service-Feature_and_Technica...

Our UDS is definitely not sitting in our the DMZ and is communicating fine. You just need to ensure that the SSL traffic can get through from the outside to the UDS server.

Couldn't you potentially have more issues with it being in a DMZ, like EAS communication?

In my Fusion setup, I have the UDS core/console services installed on a box on my local lan and the communication module for UDS in the DMZ, and all works fine.  As long as you have all the appropriate ports opened to/from the box on your local LAN, and outbound from the box in the DMZ you should be good.

I have a wildcard cert from Digicert installed on my UDS server but still no dice.  Where did you get your cert from?  did you purchase it specificlly for your UDS server?

I'm using a Digicert UC cert and have no issues.  As long as the CN for your cert is the externally accessible DNS record you should be ok.  I have other domains on that cert too and have no issues.

I uploaded the CSR from IIS7 to digicert and exported the server certificate (in crt format instead of cer, as there is a IIS7 bug for .cer cert imports) and all was well.  Then you export the certificate from IIS with a password and use it to continue through the UDS communication module install.