Bug
Resolution: Not a Bug
Normal
None
6.14.1
Description of problem:
Request an improvement in the `katello-certs-check` tool to enhance hostname validation. The goal is to ensure that the CN and SAN are consistent with the hostname,
Version-Release number of selected component (if applicable):
satellite-6.14
How reproducible:
installation
Steps to Reproduce:
1. Install Red Hat Satellite
2. Create a Custom CSR + KEY for a Server Certificate and get it signed by CA
3. Add CN and SAN as satellite.example.com instead of the actual hostname
Actual results:
I conducted a test scenario to validate SSL certificate configuration for a Red Hat Satellite server:
The hostname of the server: patching.example.com
1. Created a CSR with CN as `satellite.example.com` and SAN entries.
2. Used `katello-certs-check` to verify certificate aspects, which pass the validation
3. Attempted server installation with custom certificates.
4. Faced an SSL_connect error during installation due to a hostname mismatch.
5. Analyzed `katello-certs-check` and considered filing an RFE for potential improvements, such as enhanced hostname validation and error messaging.
2024-01-22 07:41:49 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (Hostname mismatch)
Expected results:
Modify the tool to perform a stricter check, ensuring that the CN or SAN includes the actual hostname being used during the installation.
This can involve comparing the CN or SAN entries against the hostname used in the installation, addressing potential hostname mismatches.
Include details on which CN or SAN entry was expected and which one caused the mismatch.
Ensure that the documentation for katello-certs-check communicates its hostname validation logic, limitations, and recommended use cases.
Additional info:
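
One way to perform the hostname comparison requested in this report, as an added example that is not part of the report or of `katello-certs-check`: it reads the SAN dNSName entries and the CN with the `openssl` CLI, compares them with the installation hostname, and reports which names the certificate carries. The function names are hypothetical, and the hostname defaults to `hostname -f` on the assumption that this is the name the installer connects to.

```shell
#!/bin/sh
# Added example; not part of katello-certs-check. Function names are hypothetical.

# name_matches HOST NAME: returns 0 if certificate name NAME covers HOST.
# Case-insensitive; a leading "*." covers exactly one left-most label.
name_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$host" = "$name" ] && return 0
    case $name in
        \*.?*) [ "$host" != "${host#*.}" ] && [ "${host#*.}" = "${name#??}" ] ;;
        *) return 1 ;;
    esac
}

# check_names HOST SANS CN: SANS holds one dNSName per line. The CN is only
# consulted when the certificate has no SAN dNSName entries.
check_names() {
    want=$1; sans=$2; cn=$3
    if [ -n "$sans" ]; then candidates=$sans; else candidates=$cn; fi
    while IFS= read -r n; do
        if name_matches "$want" "$n"; then
            echo "OK: '$want' is covered by certificate name '$n'"
            return 0
        fi
    done <<EOF
$candidates
EOF
    echo "MISMATCH: expected '$want', certificate has: $(printf '%s' "$candidates" | tr '\n' ' ')"
    return 1
}

# Extract the names from a PEM certificate with the openssl CLI.
cert_san_dns() { openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'; }
cert_cn() { openssl x509 -in "$1" -noout -subject -nameopt multiline | sed -n 's/^ *commonName *= *//p'; }

# check_cert_hostname CERT [HOST]: HOST defaults to `hostname -f` (assumption:
# that is the name the installer will connect to).
check_cert_hostname() {
    cert=$1; fqdn=${2:-$(hostname -f)}
    check_names "$fqdn" "$(cert_san_dns "$cert")" "$(cert_cn "$cert")"
}

if [ $# -ge 1 ]; then check_cert_hostname "$@"; fi
```

Run against the certificate from this report on a host named `patching.example.com`, the check exits non-zero and prints the expected hostname next to `satellite.example.com`.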