I did something like this, a while ago, on DogTag. Seems to work for me.
I did that on server certificate profile ; so you may need to adjust it a bit.
/var/lib/pki/<instance>/ca/profiles/ca/caServerCert.cfg
<!-- this is the default OCSP entry, configured elsewhere in your pki instance, i just left it here -->
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
<!-- these are custom entries -->
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_1=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_1=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_1=
http://server1/root.crtpolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_1=1.3.6.1.5.5.7.48.2
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_2=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_2=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_2=
http://server2/root.crtpolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_2=1.3.6.1.5.5.7.48.2
<!-- adjust as necessary the amount of entries here -->
policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
policyset.serverCertSet.5.default.params.authInfoAccessNumADs=3
After that, restart your instance and review the certificate request in agent. Hope it works fine.