If an intercepting proxy's root certificate is not installed on the client, what does the user see, and why?
The browser shows a certificate warning ("not trusted" / "your connection is not private"), because the proxy's on-the-fly certificate chains to a CA the client doesn't trust.
The proxy still presents a certificate for the site, but it's signed by the proxy's own CA. Since that CA isn't in the client's trust-anchor store, the certification path can't reach a trusted root, so validation fails and the client warns the user.
This warning is the trust model working as designed — it's the last line of defence telling you "someone is vouching for this site that I don't recognise." Clicking through it deliberately lowers your own protection.
Tip: Certificate warnings aren't bureaucratic noise — each one means the chain of trust broke. On a site you don't control, that's a genuine red flag, not something to bypass.