If you want to issue client certificates where the root of the certificate chain, will be one of the trusted root certification authorities, then you need to become a certification authority in accordance with Webtrust.
Simply put - most likely it is impossible for you.
If you just need to sign the client certificates, you can deploy your PKI and with the help of your CA to issue certificates to its users.
Users to trust the resulting certificates need to add the certificate of the root CA in "trusted root".
Kali56 answered on September 19th 19 at 12:11
the largest vendors (Verisign, Thawte) is a corporate program, in which it is possible to create your own CA (in particular, works Google Internet Authority G2) with some restrictions. The question is how it will be available to you...