- Generate a new private key and certificate:
openssl req -x509 -newkey rsa:1024 -keyout charles.key -out charles.crt -days 3650 -nodes
- Convert it to PKCS12 format:
openssl pkcs12 -export -out charles.pfx -inkey charles.key -in charles.crt
- Select the *.pfx file in Charles for the custom CA certificate and enter the password (that you specified while converting to the PKCS12 format).
P.S.: note that Charles asks for the certificate's password during every startup ... but if you use Charles's builtin certificate, it won't ask you for a password.