mkcert[1] is probably the easiest way to generate root certificate and leaf certificate(s). Then you can use a proxy like Squid to intercept the traffic[2]. You’d also need a local DNS server to point hosts like fonts.googleapis.com to your own web server.