HTTP routing outbound handshake error api on gateway 11
Article ID: 274689

Updated On:

Products

CA API Gateway

Issue/Introduction

After upgrading the API gateway api CR02 to version 11 CR1, it seems that when the API Gateway (as client) makes a request to one of its own IPs on port 8443, the request fails with this error:

2023-10-07T09:18:02.077+0200 WARNING 929 com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion: 4042: Problem routing to https://hostname:8443/auth/oauth/v2/token.

Error msg: Unable to obtain HTTP response from https://hostname:8443/auth/oauth/v2/token: The size of the handshake message (39991) exceeds the maximum allowed size (32768)

Environment

Release : 11.0

Resolution

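The problem is caused by a large number of certificates that have the option enabled to be a client signer certificate. The resulting TLS handshake message is larger than the maximum allowed size of 32768 bytes shown in the error.

To resolve this, go to the directory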

/opt/SecureSpan/Gateway/runtime/etc/profile.d

Edit ssgruntimedefs.sh with nano and add

default_java_opts="$default_java_opts -Djdk.tls.maxHandshakeMessageSize=65536"

in the following block, as its last line:

default_java_opts="$default_java_opts -Djava.security.policy=${SSG_HOME}/runtime/etc/ssg.policy"
default_java_opts="$default_java_opts -Djava.security.properties=${SSG_HOME}/runtime/etc/ssg.security"
default_java_opts="$default_java_opts -Djava.security.egd=file:/dev/./urandom"
default_java_opts="$default_java_opts -Dfile.encoding=UTF-8 "
default_java_opts="$default_java_opts -Djava.awt.headless=true -XX:CompileThreshold=1500 "
default_java_opts="$default_java_opts -Dcom.l7tech.server.defaultClusterHostname=$(hostname)"
default_java_opts="$default_java_opts --add-opens jdk.crypto.ec/sun.security.ec=ALL-UNNAMED"
default_java_opts="$default_java_opts --add-exports java.security.jgss/sun.security.krb5.internal=ALL-UNNAMED"
default_java_opts="$default_java_opts --add-exports java.security.jgss/sun.security.krb5.internal.ktab=ALL-UNNAMED"
default_java_opts="$default_java_opts -Djdk.tls.maxHandshakeMessageSize=65536"

Save the file and restart the ssg service:

service ssg stop
service ssg start

Then run ps -eaf | grep tls to check that the setting has been applied to the JRE running gateway.jar.
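The following added example (not part of the original article or the product) checks that the limit set in ssgruntimedefs.sh covers the largest handshake size reported in the gateway log. The function names, the temporary files and the second log line are constructed for illustration. It assumes the log message format shown above, that the JDK default is 32768 when the option is absent, and that the last occurrence of the option in the file is the one in effect.

```shell
#!/usr/bin/env bash
# Added example: constructed sample files and hypothetical function names.

# Print the largest handshake message size reported in a log file (0 if none).
largest_handshake() {
  sed -n 's/.*size of the handshake message (\([0-9][0-9]*\)) exceeds the maximum allowed size.*/\1/p' "$1" |
    sort -n | tail -n 1 | grep . || echo 0
}

# Print the jdk.tls.maxHandshakeMessageSize value set in a defs file.
# Commented-out lines are ignored; 32768 (assumed JDK default) if absent.
configured_limit() {
  local v
  v=$(grep -v '^[[:space:]]*#' "$1" |
      sed -n 's/.*-Djdk\.tls\.maxHandshakeMessageSize=\([0-9][0-9]*\).*/\1/p' | tail -n 1)
  echo "${v:-32768}"
}

# Succeed only when the configured limit covers the largest size seen.
# usage: limit_is_sufficient <defs-file> <log-file>
limit_is_sufficient() {
  local limit seen
  limit=$(configured_limit "$1")
  seen=$(largest_handshake "$2")
  echo "configured=$limit largest_seen=$seen"
  [ "$seen" -le "$limit" ]
}

# Constructed sample input: the first size is the one from the article,
# the second is made up to show that the largest value is the one that matters.
demo=$(mktemp -d)
cat > "$demo/ssg.log" <<'EOF'
WARNING Error msg: Unable to obtain HTTP response from https://hostname:8443/auth/oauth/v2/token: The size of the handshake message (39991) exceeds the maximum allowed size (32768)
WARNING Error msg: Unable to obtain HTTP response from https://hostname:8443/auth/oauth/v2/token: The size of the handshake message (41250) exceeds the maximum allowed size (32768)
EOF
: > "$demo/empty.log"
printf '%s\n' 'default_java_opts="$default_java_opts -Dfile.encoding=UTF-8 "' > "$demo/before.sh"
cp "$demo/before.sh" "$demo/after.sh"
printf '%s\n' 'default_java_opts="$default_java_opts -Djdk.tls.maxHandshakeMessageSize=65536"' >> "$demo/after.sh"

limit_is_sufficient "$demo/before.sh" "$demo/ssg.log" || echo "limit too low, raise it"
limit_is_sufficient "$demo/after.sh" "$demo/ssg.log" && echo "limit covers observed handshakes"
```

On a gateway, pass the real ssgruntimedefs.sh and the gateway log file instead of the constructed files.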