It seems that you have ISE Posture agent installed on your clients. When VPN connection is established, this is a change in network adapter which triggers posture check. Its able to find the Policy Server (ISE Posture node) but the certificate is rejected. Hence you are getting a certificate error. Check your posture configuration, the policy server should be same as ISE FQDN configured in ISE.