It's possible to do what I want with the mod_ssl module for Apache. The relevant directive is called `SSLProxyVerify` http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#SSLProxyVerify. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,235567,235568#msg-235568