
two different certificates ise 2.2

nstr1
Level 1

Can I have two different certificates for web auth in ISE 2.2, and have the devices choose either of the two?

4 Replies

Jason Kunst
Cisco Employee

Can you please explain further? We don’t support certificate based web authentication.

It's not for web auth, it's for 802.1X.

When configuring an ISE PSN for the purposes of EAP processing, you can only install one certificate that identifies that server. If you have more than one PSN then you could install the second cert on that PSN - but then you have the challenge of ensuring that the NAS sends the traffic to the appropriate PSN - this may be possible if the traffic comes from two distinct networks (e.g. two SSIDs). You'd need to explain your setup a bit more.

But in general it sounds not doable, because the EAP standard is designed such that the EAP server responds to the client with its X.509 certificate during EAP client/server negotiation. How can the server know which of the two (or more) certs to offer to the client? EAP servers don't have multiple personalities :-)

The only practical thing you could do is to turn off the server check on the client (e.g. don't care about validating the server cert). This reduces security but it would offer a solution.
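
The caveat in the reply above, that a client with the server check turned off accepts whatever certificate the EAP server presents, can be audited on the client side. This added example is not part of the thread: it checks a wpa_supplicant configuration (an assumed client; the thread names none) for 802.1X networks that lack a trust anchor or a server name match, using a constructed sample config.

```python
import re

# Constructed sample wpa_supplicant.conf (not from the thread).
SAMPLE_CONF = '''
network={
    ssid="corp-validated"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/corp-root.pem"
    domain_suffix_match="ise.example.com"
}
network={
    ssid="corp-unchecked"
    key_mgmt=WPA-EAP
}
network={
    ssid="corp-ca-only"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/corp-root.pem"
}
'''
TRUST_KEYS = ("ca_cert", "ca_path")
NAME_KEYS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\s*\}", text, re.S):
        net = {}
        for line in body.splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                net[key.strip()] = value.strip().strip('"')
        nets.append(net)
    return nets

def audit(text):
    """Map SSID -> finding for 802.1X networks with weak server certificate validation."""
    findings = {}
    for net in parse_networks(text):
        if not re.search(r"WPA-EAP|IEEE8021X", net.get("key_mgmt", "")):
            continue  # not an 802.1X network
        if not any(k in net for k in TRUST_KEYS):
            findings[net.get("ssid", "?")] = "server certificate not verified (no ca_cert/ca_path)"
        elif not any(k in net for k in NAME_KEYS):
            findings[net.get("ssid", "?")] = "any certificate issued by the CA is accepted (no server name match)"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```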

It's still not clear what you’re asking.