By default, nginx disables SSL verification when used as a reverse proxy (using the proxy_pass directive). This means that the CLAMP backend's SSL cert is not checked when gui makes REST calls to CLAMP.

The CA cert needs to be added to the nginx config and SSL verification enabled for REST calls to CLAMP.