Greetings,<div><br></div><div>We are trying to decide between SNIProxy and stunnel for the following task:</div><div><br></div><div>- Client browser hits <a href="https://foo.bar.org">https://foo.bar.org</a>, which resolves to an IP that corresponds to the stunnel machine listening on 443.</div>
<br><div>- stunnel "forwards" (sorry if this is not the correct technical term) the connection to a different machine, specified by a different IP address, which is also configured to believe it is <a href="http://foo.bar.org">foo.bar.org</a> and actually has a web server listening on 443 and houses the SSL key/cert.</div>
<div><br></div><div>- when stunnel hits the end server, the latter sees the stunnel IP address as source, not the original user's (who initiated the web request for <a href="https://foo.bar.org">https://foo.bar.org</a>). �I believe this is default behavior, but just noting it for completeness.</div>
<div><br></div><div>Is it possible to accomplish this (stunnel listening on and connecting to https endpoints) without housing any certs/keys on the stunnel machine itself, because we want the second server to deal with all that and we do not have access to those keys anyway. �And of course, the users which go to the <a href="https://foo.bar.org">https://foo.bar.org</a> should not see any cert mismatches as a result of loading <a href="https://foo.bar.org">https://foo.bar.org</a> which, for the user, will resolve to the stunnel/proxy IP, rather than the end server which actually had a running web server and keys/cert.</div>
<div><br></div><div>Sorry if the above detail is insufficient; do let me know.</div><div><br></div><div>Thanks for your help.</div><div><br></div><div>Gary</div>