ProxySG SSL interception is disabled, yet the HTTPS forward proxy still handles the transaction in policy.
HTTPS Forward Proxy handles traffic when SSL Interception is disabled. A "proxy error" or "page cannot be displayed" message is shown to the user.
This is the expected behavior. When SSL interception is disabled and the transaction results in an exception or a policy deny, the only way the proxy can deliver the HTTP exception or policy deny error message to the browser is to decrypt the TLS tunnel.
The certificate returned to the client browser will be from the keyring specified in Configuration > Proxy Settings > SSL Proxy > Issuer Keyring.