• Generating CSR certificate succeeds, however VCF Fleet Manager classifies IP address as DNS in the SAN field instead of expected IP address when analyzing the certificate using a certificate decoder.  The following documentation can be used as a guide to generating the CSR certificate Replace a Certificate with a CA-Signed Certificate 

VCF Fleet Manager 9.0.x

VCF Fleet Manager 9.0.x does not have the option to specify IP address in the SAN field in the UI

1. Access Fleet Manager API as per KB How to Authorize VCF Operations Fleet Management API 
2. Select private-internal-API from the drop down box
3. Navigate to the Locker Certificates Controller API → Post /lcm/locker/api/certificates/csr → Try it out → Fill in the required details, here you can specify IP.  Tenant field is not required and the for the Host value please add your DNS entries

Changes will be made in later versions of VCF Fleet Manager to allow IP addresses to be specified separately.