Certificate chain length

Hi @dchiesa1 

I'm trying to connect to an nginx server as target in a proxy, but I'm getting the below error.

error.cause  The certificate chain length(11) exceeds the maximum allowed length(10).

What is this issue about, and how to resolve it? Is there any limit for certificate chain length which can be sent by target? If so, where is it specified?

Also, as per docs, Apigee doesn't implicitly verify the server cert unless it's stored in a truststore. Then why the error?

Happy New Year.

Why does this certificate have such a long chain? Can you assess the need for all the intermediate certificates and work with your PKI team to create a shorter chain that still maintains trust? I've never seen a chain of 11 certificates before, and such a length can sometimes introduce security vulnerabilities and increase maintenance overhead for the intermediate certificates. I'm not sure if there's any documentation on recommended chain lengths, but it might be helpful to open a case with Apigee support for guidance.

Hey somdev

The error message is clear enough: the maximum allowed length of the certificate chain of an authenticating peer is 10.

Reading a bit more about this, this error comes from the Java runtime (which Apigee uses). Per this comment on a Stack Overflow thread, the error message is the result of some validation being performed by Java, described here.

What is this issue about?

The Java runtime that Apigee relies on is checking the certificate chain that is being sent by the upstream system - upstream to Apigee. In your case that is the nginx endpoint. Apigee is finding that the certificate list that gets sent back exceeds 10 certificates. The Apigee runtime (based on Java) is rejecting the TLS handshake for that reason.

and how to resolve.

You need to correct the configuration for the nginx endpoint. Most certificate chains are of length 3 or 4. As API-Evangelist has said, it would be extraordinary to have a chain of trust that is more than 10 certificates in length. So I suppose that you have an incorrectly-configured nginx that is sending too many certificates, probably including some irrelevant certificates, in its ServerHello message during the TLS handshake. You need to correct the configuration of the nginx server to resolve this problem.

If you are not clear what the nginx endpoint is sending back, you can use the openssl tool to interrogate it, to see the chain it sends back. Something like this:

TARGETHOST=host.endpoint.cymbalgroup.com
openssl s_client -connect ${TARGETHOST}:443 -showcerts

If the nginx endpoint is using SNI, then you need something like this:

TARGETHOST=host.endpoint.cymbalgroup.com
openssl s_client -connect ${TARGETHOST}:443 -servername ${TARGETHOST} -showcerts

Is there any limit for certificate chain length which can be sent by target? If so, where is it specified?

Yes, the limit is 10. It's not changeable in Apigee.
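As an added example (not part of the original thread, and not Apigee's own tooling), the POSIX shell script below wraps the openssl command from the reply above: it fetches the chain a host presents with `-showcerts`, prints the subject/issuer summary line of each certificate, counts the PEM blocks, and compares the count against the limit of 10 quoted in the error message. The `sample_chain` helper and its placeholder subjects and PEM bodies are constructed so the script can be exercised offline; the host name is whatever you pass as the first argument.

```shell
#!/bin/sh
# Added example, not from the original thread: inspect the certificate chain a
# TLS endpoint presents (via `openssl s_client -showcerts`) and compare its
# length with the limit of 10 quoted in the Apigee/Java error message.

MAX_CHAIN_LEN=10   # the "maximum allowed length" from the error message

# Fetch the raw s_client output for a host (needs network and openssl).
# -servername is passed so an SNI-based endpoint returns the right chain.
fetch_chain() {
    host="$1"
    openssl s_client -connect "${host}:443" -servername "${host}" -showcerts \
        </dev/null 2>/dev/null
}

# Count the PEM certificate blocks in s_client output read from stdin.
# grep -c exits 1 when the count is 0, so force success to keep the number.
count_chain() {
    grep -c -e '-----BEGIN CERTIFICATE-----' || true
}

# Print the " N s:<subject>" / "   i:<issuer>" summary lines that -showcerts
# emits before each PEM block, so the chain can be read at a glance.
summarize_chain() {
    grep -E '^ *[0-9]+ s:|^ +i:' || true
}

# Return 0 if the chain length is within the limit, 1 if it exceeds it.
check_chain_len() {
    n="$1"
    if [ "$n" -gt "$MAX_CHAIN_LEN" ]; then
        echo "certificate chain length ($n) exceeds the maximum allowed length ($MAX_CHAIN_LEN)" >&2
        return 1
    fi
    echo "certificate chain length ($n) is within the limit ($MAX_CHAIN_LEN)"
    return 0
}

# Constructed stand-in for -showcerts output with N certificates, used so the
# script can be exercised offline. Subjects and PEM bodies are placeholders,
# not real certificates.
sample_chain() {
    n="$1"
    i=0
    echo 'Certificate chain'
    while [ "$i" -lt "$n" ]; do
        printf ' %d s:CN = placeholder-%d\n' "$i" "$i"
        printf '   i:CN = placeholder-%d\n' $((i + 1))
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'UExBQ0VIT0xERVI=' '-----END CERTIFICATE-----'
        i=$((i + 1))
    done
}

# Summarize the chain held in $1 (raw s_client text) and report on its length.
report_chain() {
    out="$1"
    printf '%s\n' "$out" | summarize_chain
    n=$(printf '%s\n' "$out" | count_chain)
    check_chain_len "$n"
}

# With a host argument, inspect the live endpoint; otherwise run against a
# constructed 11-certificate sample, which reproduces the failing case.
if [ "$#" -gt 0 ]; then
    report_chain "$(fetch_chain "$1")"
else
    report_chain "$(sample_chain 11)" || :
fi
```

Run it as `sh chainlen.sh host.endpoint.cymbalgroup.com` against the real endpoint; a count above 10 is the condition Apigee rejects, and the summary lines show which intermediate (or stray) certificates nginx is appending to the chain.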