At least you have to add a rule with an Event: Enable SSL Client Context with CA.
This allows the Proxy to intercept an SSL Connection to send any error Page.
Thanks for the reply, does this mean that i need to add the rule on the SSL scanner itself? or create another rule?
You can create the rule whereever you want. We do this in the first topruleset to be sure getting ssl error pages.