I personally wouldn't use a Windows Server OS Box as the passthrough. Windows has a relatively large attack surface. I personally would use a Linux box with a reverse proxy server running on it like haproxy or nginx.

Thanks unfortunately this location where everything is has a Windows only policy. This is why I was thinking of the Windows Server solution.

Yes, that's a known problem. It is like working at a moving and trucking company where the management insists on using Ferrari for all their transport issues. Just that the management is used to it and like the bright colors, doesn't mean it is the best tool for the whole company. Unfortunately for our business, the average moving and trucking company managers seem to have a better understanding of the needs of their core processes than ICT managers.

Luckily for you, Nginx is available for Windows. It has slower performance than their Linux counterpart, but when you are using a non-https capable backend server on Windows, I guess suboptimal performance by the front-end proxy is not your biggest concern.

Lammert,

The application at this particular location uses a WIMP stack and the app runs very well Absolutely no performance issues, but for whatever reason they can't upgrade it to support newer software.. They really want to run the SSL offloading on a new Windows Server box. Just looking for direction on best way to achieve that.

Thanks again