Posted to users@httpd.apache.org by Valeriy Zabawski <dz...@gmail.com> on 2022/04/06 15:37:58 UTC

[users@httpd] Apache 2.4.53 error AH02411 although hostname matches subjectAltName

Hello everyone,

I have an InfluxDB cluster behind Apache HTTPD. HTTPD encrypts traffic
between client and HTTPD with a certificate issued by corporate CA.
Originally, traffic from HTTPD was proxied using http, but recently I've
decided to encrypt it with a self-signed cert. After enabling encryption
between InfluxDB cluster nodes, I've added self-signed CA to Apache config.
However, if I set SSLProxyCheckPeerName to "on", I get error AH02411.
SSLProxyCheckPeerCN is set to "off". Running Curl with the same CA
certificate works, so it seems like HTTPD checks CN and SAN differently
than Curl.

InfluxDB hostname:
influxdb-oss-0.example-influxdb-oss.example.svc.cluster.local
Certificate CN is "*.example.svc.cluster.local" and it doesn't match the
hostname, but in subjectAltName it has "*.example.svc.cluster.local" and
"influxdb-oss-*.example-influxdb-oss.example.svc.cluster.local", which
matches the hostname. My environment has multiple InfluxDB instances, so I
can't set 1 CN, instead I use subjectAltName.

Here's an excerpt from my HTTPD configuration:
<VirtualHost *:8443>
  SSLEngine on
  SSLCertificateFile    "/usr/local/apache2/conf/server.crt"
  SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

  SSLProxyEngine on
  SSLProxyVerify require
  SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName on
  SSLProxyCACertificateFile "/usr/local/apache2/conf/influxdb-selfsigned-ca.crt"

  <Proxy "balancer://example-influxdb-oss">
    BalancerMember "https://influxdb-oss-0.example-influxdb-oss.example.svc.cluster.local:8086"
  </Proxy>
  <Location "/ping">
    ProxyPass        "balancer://example-influxdb-oss/ping"
    ProxyPassReverse "balancer://example-influxdb-oss/ping"
  </Location>
</VirtualHost>

Is there any way to make my configuration work with hostname matching
subjectAltName instead of CN?
Thanks in advance.
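The following is an added example, not code from the original post or from HTTPD or Curl. It is a small reference matcher for dNSName subjectAltName entries written against the rules of RFC 6125 section 6.4.3 (a wildcard may only occupy the left-most label, it matches exactly one label and never a dot, and a wildcard that is only part of a label such as "foo*.example" is optional for clients, so different TLS stacks treat it differently). Running the hostname and the two SAN entries quoted in the post through it shows why two clients can disagree on the same certificate: "*.example.svc.cluster.local" has one label fewer than the hostname and cannot match, and "influxdb-oss-*...." only matches when the client accepts partial-label wildcards. The function names and the allow_partial_wildcard switch are assumptions of this example.

```python
# Added example: RFC 6125 style hostname matching for dNSName SAN entries.
# Not HTTPD's or Curl's implementation; it models the rules so a defender
# can predict which SAN entries a strict and a lenient client will accept.


def match_dns_name(pattern: str, hostname: str,
                   allow_partial_wildcard: bool = False) -> bool:
    """Return True if a single dNSName (or CN) pattern matches hostname.

    Rules (RFC 6125 section 6.4.3):
      * comparison is case-insensitive, trailing dots are ignored;
      * '*' may appear only in the left-most label, and only once;
      * '*' matches exactly one label, so label counts must be equal;
      * a partial-label wildcard ("foo*.example") is a MAY in the RFC,
        so it is honoured only when allow_partial_wildcard is True.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    # Wildcard only in the left-most label, and at most one of them.
    if any("*" in label for label in p_labels[1:]) or p_labels[0].count("*") > 1:
        return False
    # Refuse overly broad patterns such as "*.local".
    if len(p_labels) < 3:
        return False
    # '*' never spans a dot: the number of labels must be identical.
    if len(p_labels) != len(h_labels):
        return False
    # Everything right of the wildcard label must match exactly.
    if p_labels[1:] != h_labels[1:]:
        return False

    first = p_labels[0]
    if first == "*":
        return h_labels[0] != ""
    # Partial-label wildcard, e.g. "influxdb-oss-*": prefix/suffix match.
    if not allow_partial_wildcard:
        return False
    prefix, suffix = first.split("*")
    h0 = h_labels[0]
    return (len(h0) >= len(prefix) + len(suffix)
            and h0.startswith(prefix) and h0.endswith(suffix))


def first_matching_san(san_names, hostname, allow_partial_wildcard=False):
    """Return the first SAN entry that matches hostname, or None."""
    for name in san_names:
        if match_dns_name(name, hostname, allow_partial_wildcard):
            return name
    return None


# Constructed input: the hostname and SAN entries quoted in the post.
HOSTNAME = "influxdb-oss-0.example-influxdb-oss.example.svc.cluster.local"
SAN_ENTRIES = [
    "*.example.svc.cluster.local",
    "influxdb-oss-*.example-influxdb-oss.example.svc.cluster.local",
]


def compare_clients(hostname=HOSTNAME, san_names=SAN_ENTRIES):
    """Show what a strict and a lenient client would accept for hostname."""
    return {
        "strict_client": first_matching_san(san_names, hostname, False),
        "lenient_client": first_matching_san(san_names, hostname, True),
    }


if __name__ == "__main__":
    for client, matched in compare_clients().items():
        print(f"{client}: {matched!r}")
```

A practical takeaway for a deployment like the one above: a SAN that contains only a full-label wildcard at the depth of the real hostname (one "*" label in place of "influxdb-oss-0", or better, each node's exact name) is matched the same way by every RFC 6125 compliant client, whereas a partial-label wildcard depends on the client's policy.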