That will not work, no public CA will sign your intermediate as that effectively breaks the SSL trust model.
Please read the document "CPPM - Certificates 101 Technote V1.2" from:
https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx
In short: the certificates that ClearPass Onboard issues as client certificates do not need any public trust as these are only used to validate the client on the network.
So use the built-in CA for issueing the client certificates, use a public trusted CA for your HTTPS Server certificate on the ClearPass server and the used RADIUS certificate depends on circumstances and can be either a public or private certificate.