Using client certificates with multiples vhosts might show limitations.
If a deployment consists of:
- A first layer of Nginx reverse proxies, for TLS termination;
- Connected, with TLS client certificates, to a set of backend "application" servers;
- And the Host / SNI headers sent to the backend don't match that sent to …