You cannot use your public Entrust certificate as the OnBoard CA, as it is not allowed to sign other certificates, it can only be used to authenticate the ClearPass server to clients. And as Tim said, don't use a wildcard as your RADIUS certificate.
Regarding documentation, for selecting the right certificates I'd suggest that you check out the ClearPass Certificates 101 Technote (that can be found here: https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx). There is quite some content about what choices you have to pick the right certificates in your Onboard scenario (you will likely end up initializing a new Onboard CA as root, which is quite easy to do)
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.