VASA Provider registration fails when the Subject Alternative Name contains two IP addresses (especially IPv4 followed by IPv6).
VASA Provider registration works with two IP addresses when the IPv6 address is followed by the IPv4 address.
vCenter 8.x and later can fail to register the VASA Provider because of an unsupported certificate signing request, reporting a provider certificate signing failed error.
You may see the following error in the VASA Provider log:
com.vmware.vim.sms.provider.vasa.cert.CertificateAuthority - Timer stopped: getCAsignedCertificateInt, Time taken: 25 ms.
com.vmware.vim.sms.provider.vasa.cert.CertificateAuthority - Failed to get a VMCA signed certificate for CSR. Error : 70069, Message : VMCA_ERROR_SAN_IPADDR_INVALID
com.vmware.vim.sms.provider.vasa.VasaProviderImpl - [init] Provider creation failed while getting a certificate :com.vmware.vim.sms.fault.CertificateException: Failed to get a VMCA signed certificate for CSR. Error: 70069, Message: VMCA_ERROR_SAN_IPADDR_INVALID
vCenter 8.x and later
vCenter does not support certificate signing requests (CSRs) that include SAN (Subject Alternative Name) with multiple entries (IP addresses or DNS entries).
Different versions of vCenter have specific limitations on the SAN fields that can be included in a CSR. The following outlines the officially supported SAN configurations in CSRs for different vCenter versions:
vCenter versions prior to 9.0: The CSR’s SAN field can contain one IPv4 address, one DNS name, and one IPv6 address.
vCenter 9.0 and later: The CSR’s SAN field can include one IPv4 address, two DNS names, and one IPv6 address.
Additional constraints apply when the VASA Provider is registered with DNS and when VASA 5 is in use, which can potentially lead to VASA Provider registration failure.
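A pre-registration check of a CSR's SAN entries against the limits listed above, as an added example that is not VMware or vendor code. It assumes the SAN line is copied from the text output of `openssl req -noout -text`; the function names, version keys and sample values are constructed for illustration.

```python
import ipaddress

# SAN limits per vCenter version, as listed above.
LIMITS = {
    "pre-9.0": {"IPv4": 1, "DNS": 1, "IPv6": 1},
    "9.0+": {"IPv4": 1, "DNS": 2, "IPv6": 1},
}

def parse_san(san_line):
    """Split an openssl-style SAN line into (kind, value) pairs."""
    entries = []
    for item in san_line.split(","):
        label, _, value = item.strip().partition(":")
        label, value = label.strip(), value.strip()
        if label == "IP Address":
            # ipaddress raises ValueError on a malformed address.
            label = "IPv%d" % ipaddress.ip_address(value).version
        if label:
            entries.append((label, value))
    return entries

def check_san(san_line, version):
    """Return a list of findings; an empty list means no issue was detected."""
    entries = parse_san(san_line)
    limits = LIMITS[version]
    counts = {}
    for kind, _ in entries:
        counts[kind] = counts.get(kind, 0) + 1
    findings = []
    for kind, n in counts.items():
        if kind not in limits:
            findings.append(f"{kind}: not in the supported SAN list")
        elif n > limits[kind]:
            findings.append(f"{kind}: {n} entries, limit {limits[kind]}")
    ips = [k for k, _ in entries if k in ("IPv4", "IPv6")]
    if "IPv4" in ips and "IPv6" in ips and ips.index("IPv4") < ips.index("IPv6"):
        findings.append("order: IPv4 before IPv6 (the failing order described above)")
    return findings

if __name__ == "__main__":
    # Constructed sample SAN lines (documentation addresses and names).
    samples = [
        "DNS:vasa.example.test, IP Address:192.0.2.10, IP Address:2001:DB8:0:0:0:0:0:10",
        "DNS:vasa.example.test, IP Address:2001:DB8:0:0:0:0:0:10, IP Address:192.0.2.10",
    ]
    for line in samples:
        print(line, "->", check_san(line, "pre-9.0") or "ok")
```

An empty result means the SAN fits the listed counts and avoids the IPv4-then-IPv6 order; it does not cover the additional DNS and VASA 5 constraints mentioned above.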
There is no resolution for this issue as of now.