As of this writing, certificate with subject "Web Isolation Sub CA" will automatically be deployed into any dedicated Web Isolation tenant having Web Security Service (WSS) forwarding. This is needed to establish trust between WSS and Web Isolation Cloud dedicated tenant. The certificate is used to emulate server certificate when Web Isolation intercepts traffic hence you are seeing the certificate returned to the client browser. 

The "Web Isolation Sub CA" certificate is issued by the "BlueCoat Systems, Inc. Cloud Services CA - G2" Subordinate CA certificate.

The "BlueCoat Systems, Inc. Cloud Services CA - G2" is signed by "Bluecoat Systems, Inc. Cloud Services Root CA". 

So all these certificate needs to be installed and trusted by client browsing directly to the dedicated Web Isolation Cloud.

Install the attached certificates to the "Trusted Root Authorities" of the browser/client machine to resolve the error.