This update to JDK essentially means that certificates require a common name for the endpoint to make a successful connection. This is accomplished by including Subject Alternative Names in the certificate makeup. This would pass any and all common names (Not Ip addresses) that the certificate refers to as the "ldaphost_name". This includes aliases to load balancers.
Unfortunately the Policy Manager for API Gateway 9.3 does not have the ability to add SAN's to a Certificate Signing Request. This would need to be done using another method like OpenSSL.
The workaround is to use the setting supplied in the java release notes.
For Gateway this would be adding the below line to /opt/SecureSpan/Gateway/runtime/etc/profile.d/ssgruntimedefs.sh
default_java_opts="$default_java_opts -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"
Then restart the Gateway.