Nginx as the proxy that provides client certificate and faced connection attempt failed talk to upst

Hey,

I’m using nginx for windows as a reverse proxy to upstream server. The
upstream server requires client certificate and thus in the nginx
config, I put the following:

location / {
proxy_ssl_certificate_key cert.key;
proxy_ssl_certificate cert.crt;
proxy_pass https://upstream;
}

and the key and cert are pem format.

However, when I send request to the nginx proxy, it returns 504
gateway timeout and the error log is

10060: A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection
failed because connected host has failed to respond) while reading
response header from upstream

And I confirmed by curl with the cert files above directly to the
upstream and it worked.

Can someone please help understand what could be wrong here?

Thanks,
Jason