What you were told is correct. EPO in non-FIPS mode supports a sha-1 2048 bit certificate only.
Has the status of this changed any? Is SHA-2 still only supported in FIPS mode? The reason I ask is because I'm having trouble importing a new certificate, which is obviously SHA-2. ePO has been the first application we've had that hasn't liked the cert.