Hi,
The error you are receiving is because the SRX was not able to authenticate the Facebook server and because of this, it sends a Dummy cert to the PC in order to inform about this error. See "Server Authentication" section:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-ssl-proxy.html
When the SRX contacts Facebook and the server provides its local cert, the SRX will try to authenticate it with the CA certs stated under:
set services ssl proxy profile ssl-inspect-profile trusted-ca [Trusted_CA-Certs]
I just connected to Facebook and received the cert attached in file "Facebook cert". We can see that this cert was issued/signed by "Digicert SHA2 High Assurance Server CA" which in an Intermediate CA. In attached file "Facebook cert-3" we can see that "Digicert" signed/issued that Intermediate CA cert hence "Digicert" is the Root CA. We need to make sure that both, the Intermediate CA cert and Root CA cert are loaded in the SRX if we want it to trust the local cert provided by Facebook.
I believe you need to change the value "sky-atp-ca" to "all" so that the SRX will check all installed CA certs when authenticating Facebook or any other external website. Note that "all" option means that the SRX will check all installed CA certs when authenticating an external cert. Juniper packages come with pre-installed CA certs that can be loaded with the following command:
request security pki ca-certificate ca-profile-group load ca-group-name ca-default filename default
Check "Trusted CA List" section in the following doc:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-ssl-proxy.html
Try installing the Trusted CA list provided by Juniper and using option "all" under [edit services ssl proxy profile ssl-inspect-profile trusted-ca]. If the issue persists after that, then we will confirm if the SRX does have the Root CA cert (Digicert) and the Intermediate CA cert (Digicert SHA2 High Assurance Server CA) installed correctly.