upstream SSL certificate does not match "x.x.x.x"

October 28, 2020 12:28AM
Hello,

I have configured an nginx proxy server "NGINX_SERVER" as follows:
listen 443 ssl default_server;

chunked_transfer_encoding on;

ssl_certificate server.crt;
ssl_certificate_key private_key_server.pem;
ssl_client_certificate trustedCA.crt;
#ssl_verify_depth 7;
ssl_verify_client optional_no_ca;

location / {
    proxy_http_version 1.1;
    resolver 127.0.0.11;
    proxy_ssl_trusted_certificate trustedCA.crt;
    proxy_ssl_verify_depth 7;
    proxy_ssl_verify on;
    proxy_pass https://13.78.229.75:443;
}

The server "13.78.229.75" has a server certificate generated for an IP. When I do
curl --cacert trustedCA.crt https://13.78.229.75:443 -v
from "NGINX_SERVER", everything works fine. So the server certificate from "13.78.229.75" should be good.
Additionally, openssl s_client -connect 13.78.229.75:443 -showcerts -verify 9 -CAfile trustedCA.crt is good too.

However when I try to curl my "NGINX_SERVER":
curl https://"NGINX_SERVER"
I get:
*110 upstream SSL certificate does not match "13.78.229.75" while SSL handshaking to upstream, client: 13.78.128.54, server: , request:

Looking at the server certificate, everything looks ok:
Subject: CN = 13.78.229.75
X509v3 Subject Alternative Name:
IP Address:13.78.229.75, DNS:iotedgeapiproxy

I am at a loss. How can curl/openssl tell me my server cert is valid while nginx is telling me it is wrong? What am I doing wrong?
Thank you!
Hugues
Subject Author Posted

upstream SSL certificate does not match "x.x.x.x"

bouvierh October 28, 2020 12:28AM

Re: upstream SSL certificate does not match "x.x.x.x"

Francis Daly October 28, 2020 09:06AM

Re: upstream SSL certificate does not match "x.x.x.x"

bouvierh October 29, 2020 03:03PM


