Yes exactly. And, ironically, many of these solutions can make you less safe; at one of my former employers we had something like this, but the problem is that since you're getting a cert from the MITM server, you're not able to inspect the cert from the real server, and at least in the case of the Cisco product we were using, the MITM server wouldn't bother to inspect it either; expired certs, certs with the wrong CN, self signed cert, didn't matter - the MITM server would ignore the problem and happily replace the cert with a valid one signed by the company CA.
That is more often a configuration issue than a technology issue. MITM proxies can be configured to reset connections to sites with invalid/expired certificates.
