Sites added into Web Isolation with Action as Pass result to SSL server cert validation error as shown below. Removing the site in question from the same isolation bypass (pass) resolved the error. This issue happens on all sites.
This is specific to user traffic forwarded from WSS to Web Isolation Cloud with a matching "Pass" rule only
The "Pass" action does not terminate SSL traffic nor does it emulate client certificate. This has caused Web Isolation (WI) to return the original OCS certificate back to WSS.
As of this writing WSS trust only some specific certificates coming from WI hence the warning.
Use the "Inspect" action instead of "Pass". This will allow for SSL termination and client certificate emulation which in turn avoid the warning.
Another option would be to bypass traffic to WI from WSS to avoid sending traffic unnecessarily to WI but in the end bypass it.