Going by: "Certificate authentication is more manageable and scalable in large institutions than other forms of authentication because only a small number of CAs (frequently only one) must be trusted." I would say it is possible. Page 47
Yet step 4) ... "Once a file has been applied the prompt changes to Replace current CA certificate." So, does that mean the CA gets replaced over and over for every upload ...
Tested this morning. I provided ePO with my other CA Certificate and the CRL file for that CA, all my certs are issued from CA01 and not from CA02 - immediately get "no valid certificates" - logged back into ePO loaded up CA Certificate for CA01 and the CRL list for that CA and I'm good to log in. So far it seems it seems ePO and only use one CA