Hi,
The database certificate is validated based on the SAN >> DNS entry carrying the server IP address, this is by design. You are correct about the IP based SAN in general, but for the ClearPass database certificate, follow SAN >> DNS >> "local node IP address".
Note - The IP address that you enter in SAN >> DNS for database certificate should be of local node IP.