Question about SQUID SSL bump and certificates?
Hello!
The question has probably been chewed over a million times, but maybe I missed something.
The essence of the question is the following:
There is a gateway on which a transparent SQUID (3.5.19) with SSL support is brought up and configured.
Set up according to the article. Everything works without problems, transparency, https sites, everything is OK.
BUT if I restrict access (by MAC addresses, without any filtering), then there is a problem.
I have the deny_info option configured, which, when access is denied, sends the user to a specific page. If this is a normal site (without HTTPS), then the redirect happens as it should, but in the case of HTTPS, a message appears in browsers stating that the certificate is not trusted and there is no further redirect to the deny_info page. As I understand it, if Internet access is open, then the client receives the remote server's certificate; if access is limited, then the client is sent the certificate that I generated via openssl and put into the squid configuration. Of course it's not trusted. As far as I understand, it is possible to buy a trusted certificate and give it to squid.
Is it possible to somehow get around this problem so that the user still gets to the ban page?
To do this, you need to:
1) Add your certificate to the trusted store on all machines (then it will not complain)
2) Issue a certificate for the requested site (possibly automatically). Then your redirect will work fine.
Here are the details: wiki.squid-cache.org/Features/DynamicSslCert
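
The two steps from the answer as a squid.conf fragment for Squid 3.5; this is an added example, not the asker's configuration or text from the linked wiki page. The file paths, port number, MAC address, block-page URL and the ssl_bump rules are assumed values.

```squidconf
# Step 1 (done on the clients, not in squid.conf):
# import the PUBLIC part of the proxy CA certificate into each client's
# trusted root store. Never distribute the CA private key.

# Step 2: have Squid mint a certificate for the requested site,
# signed by that CA, instead of presenting the CA certificate itself.
# cert= points at a PEM file holding the CA certificate and its key (assumed path).
https_port 3130 intercept ssl-bump \
    generate-host-certificates=on \
    dynamic_cert_mem_cache_size=4MB \
    cert=/etc/squid/ssl/proxyCA.pem

# Helper that generates and caches the per-site certificates.
# Squid 3.5 ships it as ssl_crtd; the install path varies by distribution.
# The database directory must be initialised once before Squid starts:
#   /usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5

# Read the TLS ClientHello (SNI) first so the generated certificate
# carries the host name the browser asked for, then bump.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# MAC-based restriction with a block page (constructed sample values).
acl allowed_macs arp 00:11:22:33:44:55
deny_info http://gateway.example/blocked.html allowed_macs
http_access deny !allowed_macs
http_access allow allowed_macs
```

Keep proxyCA.pem readable only by the Squid user: anyone holding that key can issue certificates that every client trusting the CA will accept.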