URL Rewrite?

I am currently trying to form a configuration that is troubling me! I need a way to rewrite a url so that a machine will not have to ask for port 443, but another machine (possibly the machine hosting the certificate) will supply. Here is the problem: There will be a website answering on port 80, from here the user wants to do something (like any secure transaction; payment, secure document, etc...) this will then not use port 443 in that string but instead will go to a 2nd server (this is what I think) that has the certificate installed, authenticate back to the client machine, then go to the DB hosting that said secure information, etc. To me it looks like this will need the middle machine to be able to perform this action....a way to 'rewrite' the URL so that port 443 is not open to the internet (which is the whole reason for having to do it this way - and yes you did see that correctly...port 443 is not going to be opened to the internet from the first machine.) If anyone has any input, it would be greatly appreciated!