Thanks for posting in Microsoft Q&A forum.
The certificate selection will follow the criteria specified on the site settings.
We may be able to configure the "Client certificate selection criteria when more than one certificate is available" in the site setting to manage the certificate selection.
We can go through this path: CM console > Administration > Site Configuration > Sites > right-click the site and choose Properties > select Communication Security tab.
And then, modifiy the Client certificate selection Settings.
For example, as shown in the image below, we are able to set the subject of the selected certificate must contain a string unique to SHA2.
Hope the above information is helpful to you.
If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.