monline

1. Generate a new private key and certificate:
   
   openssl req -x509 -newkey rsa:1024 -keyout charles.key -out charles.crt -days 3650 -nodes
2. Convert it to PKCS12 format:
   
   openssl pkcs12 -export -out charles.pfx -inkey charles.key -in charles.crt
3. Select the *.pfx file in Charles for the custom CA certificate and enter the password (that you specified while converting to the PKCS12 format).

P.S.: note that Charles asks for the certificate's password during every startup, but if you use Charles's builtin certificate, it won't ask you for a password. The builtin certificate is stored in a "keystore" file in charles.jar and the keystore (and key) passphrase are embedded/built into Charles. But if you specify your own certificate and key in a PKCS12 format file, it's passphrase will not be known to Charles (you cannot specify it in Preferences or in the config file itself). And you cannot create a PKCS12 file without a password. And an empty password (/ string) is still a password. Btw. Charles doesn't accept an empty string for the PKCS12 file's password ... thus you've to specify a non-empty password!