You can do it with Apache.
First, you need to load the ssl, proxy, proxy_http and proxy_html modules.
Then, you need a proxy setting like this:
<VirtualHost 0.0.0.0:80>
    ServerName give_it_a_name
    SSLProxyEngine on
    ProxyPass / https://your-test-server/
    ProxyPassReverse / https://your-test-server/
    ErrorLog /the/error.log
</VirtualHost>
Of course, you don't need a VirtualHost for this; you can embed the ProxyPass* and the SSLProxy* directives in any other host definition.
Note that the certificate has to be signed by a trusted authority. If you use self-signed certificates, you have to supply them using the
SSLProxyCACertificateFile /the/pem/file
or the
SSLProxyCACertificatePath /the/dir/where/the/cert/files/are
directives.
Also, Apache checks if the name of the remote host is the same as the one the certificate was issued to. You can disable this behavior by adding the
SSLProxyCheckPeerCN off
line to your config. For further settings, you may want to check the Apache docs.
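A variant of the configuration above that keeps the backend certificate checks switched on for a self-signed test server, as an added example that is not part of the original answer. Host names and paths are the answer's placeholders, and SSLProxyCheckPeerName assumes Apache 2.4.5 or later.

```apache
# Added example: host names and file paths are placeholders.
<VirtualHost 0.0.0.0:80>
    ServerName give_it_a_name

    SSLProxyEngine on

    # Trust anchor for the backend: the self-signed certificate itself,
    # or the private CA that issued it, in PEM format.
    SSLProxyCACertificateFile /the/pem/file

    # mod_ssl's default for SSLProxyVerify is "none", so the CA file above
    # is only enforced once verification is required explicitly.
    SSLProxyVerify require

    # Keep the name and expiry checks on. Rather than setting
    # SSLProxyCheckPeerCN off, issue the test certificate for the exact
    # host name used in ProxyPass (your-test-server here).
    # On 2.4.5+ SSLProxyCheckPeerName is the directive that governs the
    # name check; on older versions only SSLProxyCheckPeerCN exists.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPass        / https://your-test-server/
    ProxyPassReverse / https://your-test-server/

    # Handshake and verification failures against the backend are logged here.
    ErrorLog /the/error.log
</VirtualHost>
```

Run `apachectl configtest` after editing; if the backend certificate does not chain to the configured file or its name does not match, proxied requests fail and the reason appears in the error log.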
Looking at wget's error output and command line, the problem here is not the client-side certificate verification. It seems the server machine rejects the connection. This may be due to wget not presenting a required client certificate to the server (check if your other browser has it), this particular user agent being rejected, etc.
I'd rather check the server's log.
Best Answer
If it is just pure port forwarding then the firewall/router shouldn't need to touch the data, so clearly you're doing something else here.
If you want to leave it modifying the requests then you'll need to put the SSL certificate on the firewall. Otherwise you'll want to stop it modifying the requests.