mkcert[1] is probably the easiest way to generate root certificate and leaf certificate(s). Then you can use a proxy like Squid to intercept the traffic[2]. You’d also need a local DNS server to point hosts like fonts.googleapis.com to your own web server.

https://github.com/FiloSottile/mkcert

https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-...

[Edit: Now that I think of it, I’m not sure if Squid is really required...]