Your next thing to test, from a vanilla/completely
reset browser, would be
to load up these corresponding cert+key and ca chain files
into that blank
slate, and ensure that these credentials actually work
against your backend;
Also drop your proxy server's log level to debug and
discover what it has to say.