I am trying to set up a reverse proxy to the Windows Admin Center (WAC). The WAC requires the use of a client certificate for authentication. When I log into the WAC via https://localhost:6516 or https://192.168.0.100:6516 I am prompted for the certificate and everything works fine. If I attempt to log in from outside my network across the WAN, I simply receive a 403 without being prompted for the certificate.

Microsoft says if you don't get the certificate prompt or choose the wrong one, you will get the 403, so I think something with my nginx reverse proxy config needs to be set to pass the certificate request through?

Here is the relevant config ... I started with nothing but a bare proxy_pass and have added the rest of the directives on as I was trying to get it working.

location /winac {
proxy_pass https://192.168.0.100:6516;
proxy_ssl_verify off;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header X-SSL-CERT $ssl_client_cert;
proxy_pass_request_headers on;
}