not exactly. You can add a coaching rule set and place it to the SSL Scanner right behind the "Handle Connect Call" rule set. You need to modify the error template to show the right text, but this should work.
if user visit site with self signed certificate it receive block page. After user press key on block page - they can access only this site with this self signed certificate or they can access all sites with self signed certificates ?
Or all users can access all sites with self signed certificates?
the user (identified by his user name or client IP, depending on what information is available to MWG) will be able to access all sites with self-signed certificates during the session length that is configured for coaching. A "per-host" approach may take some additional work. I think you could remember a URL you showed a coaching page for in PDStorage, but it may require some more tweaks and a lot of testing to make it work.
So far everyone requesting this functionality was happy with the way it works.