Hello!
> The only thing you can specify is ssl_client_certificate (and
> ssl_client_certificate_key), and it is used only in connections
> with clients.
>
Following Nginx docs (http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) you can specify ssl_certificate_key and ssl_certificate files in an nginx conf file which specifies the files with the certificate in PEM format for the given virtual server. The ssl_client_certificate configuration refers to CA cert used to verify clients.
I'll rephrase the question. I'm interested in server certificates (not client). The ssl_certificate_key file is used as a private key for the server to decrypt ssl connections for clients. I'm looking to configure another key for encrypting ssl connections from niginx server to upstream server.