You cannot use your public Entrust certificate as the OnBoard CA, as it is not allowed to sign other certificates, it can only be used to authenticate the ClearPass server to clients. And as Tim said, don't use a wildcard as your RADIUS certificate.
Regarding documentation, for selecting the right certificates I'd suggest that you check out the ClearPass Certificates 101 Technote (that can be found here: https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx). There is quite some content about what choices you have to pick the right certificates in your Onboard scenario (you will likely end up initializing a new Onboard CA as root, which is quite easy to do)