turning SSL Inspection back on

I am implementing a 500D.  FYI I do have a ticket open but it's been days.

version 5.2.4

Here is the test:

go to [link]https://www.google.com[/link]   Check cert (comes up as Internal Certificate loaded from PKI server) Good! SSL Inspection policy is set to exempt Local Category "Allowed Sites" Add *google.com  to Allowed Sites Refresh site Check Cert (Comes up as public certificate from google servers) Good! Remove *google.com from Allowed Sites Refresh site Check Cert (Comes up as public certificate from google servers) ERROR! It does not go back to the decrypted internal cert. What am I missing?

In addition I turned on diag debug for urlfilter.  Found this in the log msg="Found it in cache"

I have NOT setup web caching so I am not sure where to start looking to either clear or purge that. 

Any help is appreciated.