so your idea is to make a welcome page which will have instructions about how to import the root certificate in order to get rid of the certificate errors?
The problem I see with that is that MWG cannot decide if a client has the certificate installed or not. So also users who already installed the certificate will see the welcome page every day or so, so it would only make sense if it contains some other details, such as a disclaimer for the internet usage or similar.
This will work fine if a client starts browsing with HTTP. If the user opens his browser ans types in an HTTPS URL he will see the certificate error, as MWG cannot establish a connection otherwise. The only possible workaround I can think of is sending a 302 Redirect to an HTTP web site or an HTTPS web site which hosts a real certificate that can be accepted by the browser.
This can only work in explicit proxy environments, in transparent environments there is no CONNECT request sent by the browser which MWG could reply to with a 302 Redirect. In transparent environments I don't see a way to display a website to a user without having him to accept the certificate used by MWG first.