We are just turning on URL filtering in the estate.
Categorize HTTPS sites is enabled.
We have rule that is set to DROP, with a Block message for certain sites or categories
If we visit http://badsite.com, the log shows a BLOCK and we get the block page on the client machine.
If we visit the same site with https://badsite.com, the log shows REJECT, but the website opens on the client.
The CN on the certificate maches the name of the site.
I have a support ticket open, but anyone else seen this or solved it?