What type of certificate is used on a reverse proxy when doing mutual auth with a backend server?

Question

I need to to configure Mutual Authentication between a Reverse Proxy and a backend (in NGINX terms upstream) server. Initially I used a server certificate to identify / authorize the Reverse Proxy, but I was informed that this was incorrect, I need a client certificate for the reverse proxy in the mutual authentication. I have requested the certificates again, this time as client certificates, but after I have configured this, the Mutual Authentication (the SSL session establishment) still fails.

With client certificates I mean certificates with Extended Key Usage set to Client Authentication (OID 1.3.6.1.5.5.7.3.2).

The SSL set up worked fine before attempting to configure the Mutual Authentication, but I am almost hesitant to mention this, as I've tried kept this question generic by not specifying the actual servers being used and the error messages encountered. I would like a conceptual answer: Configuring mutual authentication between a reverse proxy and a backend, does the reverse proxy use "client certificates" or not?

Answer 1

On the question: 'Configuring mutual authentication between a reverse proxy and a backend, does the reverse proxy use "client certificates" or not?' the answer is YES.