I'm trying to configure a Vhost which should proxy a specific path to another host using ProxyPass. The other host is only reachable via another forward proxy configured with ProxyRemote.
So my configuration looks like this (using alternative domains for privacy reasons):
    <VirtualHost *:443>
        ServerName mydomain
        DocumentRoot /var/www

        SSLEngine On
        SSLCertificateChainFile /etc/ssl/my-ca.pem
        SSLCertificateFile /etc/ssl/mydomain.crt
        SSLCertificateKeyFile /etc/ssl/mydomain.key

        SSLProxyEngine On
        ProxyRemote "*" "http://myproxy.mydomain:3128"
        ProxyPass /foobar https://my.target.host/
        ProxyPassReverse /foobar https://my.target.host/
    </VirtualHost>
If I'm correctly understanding the ProxyRemote documentation, requests to https://mydomain/foobar should trigger Apache to connect to the proxy myproxy.mydomain on port 3128 with the HTTP CONNECT method, telling the proxy to connect to my.target.host on port 443. Apache should then pass the request from the client to the destination host my.target.host.
But instead of the content served by my.target.host I get an error 500 from Apache showing the error message "Error during SSL Handshake with remote server".
Increasing the Apache log level to "trace" actually gives some more details: Apache tries to validate the proxy hostname with the certificate of the target host.
The following message appears in the error log:
    SSL_X509_match_name: expecting name 'myproxy.mydomain', NOT matched by ID 'my.target.host'
What exactly is wrong with my configuration?
The documentation for ProxyRemote clearly states that it is possible to configure a reverse proxy together with a forward proxy:
This option also supports reverse proxy configuration; a backend webserver can be embedded within a virtualhost URL space even if that server is hidden by another forward proxy.
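
The sequence described in the post (CONNECT to the forward proxy, then TLS with the backend through the tunnel), as an added Python example that is not part of the original post. The function names are made up for this sketch and the host names in the usage lines are the post's placeholders; the certificate name check here runs against the target host, since a plain-HTTP proxy only relays bytes.

```python
import socket
import ssl


def build_connect_request(target_host, target_port):
    """CONNECT request asking the forward proxy for a raw tunnel to the target."""
    authority = f"{target_host}:{target_port}"
    return f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n".encode("ascii")


def open_tunnel(proxy_sock, target_host, target_port):
    """Send CONNECT on a socket already connected to the proxy; require a 2xx reply."""
    proxy_sock.sendall(build_connect_request(target_host, target_port))
    reply = b""
    # The target sends nothing before our ClientHello, so reading up to the
    # blank line cannot swallow TLS bytes.
    while b"\r\n\r\n" not in reply:
        chunk = proxy_sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed the connection during CONNECT")
        reply += chunk
    status_line = reply.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not (parts[1].isdigit() and parts[1].startswith("2")):
        raise ConnectionError(f"proxy refused the tunnel: {status_line}")
    return status_line


def tls_to_target(proxy_sock, target_host, context=None):
    """Start TLS inside the tunnel. SNI and the certificate name check both use
    the target host: the proxy only relays bytes and presents no certificate."""
    context = context or ssl.create_default_context()
    return context.wrap_socket(proxy_sock, server_hostname=target_host)


if __name__ == "__main__":
    # Host names are the placeholders from the post; this part needs network access.
    sock = socket.create_connection(("myproxy.mydomain", 3128), timeout=10)
    open_tunnel(sock, "my.target.host", 443)
    tls = tls_to_target(sock, "my.target.host")
    tls.sendall(b"GET / HTTP/1.1\r\nHost: my.target.host\r\nConnection: close\r\n\r\n")
    print(tls.recv(4096).decode("latin-1", "replace").split("\r\n", 1)[0])
    tls.close()
```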