Reverse Proxy Prompt for Client Certificate?

[mevans336]

I am trying to set up a reverse proxy to the Windows Admin Center (WAC). The
WAC requires the use of a client certificate for authentication. When I log
into the WAC via https://localhost:6516 or https://192.168.0.100:6516 I am
prompted for the certificate and everything works fine. If I attempt to log
in from outside my network across the WAN, I simply receive a 403 without
being prompted for the certificate.

Microsoft says if you don't get the certificate prompt or choose the wrong
one, you will get the 403, so I think something with my nginx reverse proxy
config needs to be set to pass the certificate request through?

Here is the relevant config ... I started with nothing but a bare proxy_pass
and have added the rest of the directives on as I was trying to get it
working.

location /winac {
                proxy_pass                                  
https://192.168.0.100:6516;
                proxy_ssl_verify                            off;
                proxy_set_header                         X-SSL-CERT
$ssl_client_escaped_cert;
                proxy_set_header                         X-SSL-CERT
$ssl_client_cert;
                proxy_pass_request_headers      on;
        }

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,280385,280385#msg-280385