The following is an example set-up of squid3 acting as an HTTP and HTTPS proxy with dynamic certificate generation (ssl-bump). Squid's configuration file, squid.conf, found in /etc/squid3/ on Debian, must be modified to include the following parameters:
    # Listening Port
    http_port 192.168.1.1:8123 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/ssl/certs/ssl-cert-snakeoil.pem key=/etc/ssl/private/ssl-cert-snakeoil.key
    # allow squid to connect to sites directly
    always_direct allow all
    ssl_bump none localhost
    # bump the server first
    ssl_bump server-first all
    ssl_bump none all
    # do not bother with server certificates that do not pass validation
    sslproxy_cert_error allow all
    sslproxy_flags DONT_VERIFY_PEER
The certificate used here is the self-signed "snakeoil" certificate that Debian generates at install time and that several other packages pick up by default, which is convenient because other services you run may already present the same certificate. Two caveats apply. First, the snakeoil certificate is a server certificate rather than a CA certificate; browsers that enforce the CA basic constraint will reject the per-site certificates Squid signs with it, so a dedicated CA certificate and key used only by Squid is the more reliable choice. Second, sharing the signing key with other services means that a compromise of any of them yields a key able to impersonate every HTTPS site to the proxy's clients. Note also that `sslproxy_cert_error allow all` together with `DONT_VERIFY_PEER` makes Squid accept any upstream certificate, valid, expired or forged, and re-sign it with a certificate the clients trust, so clients lose all protection against an attacker sitting between the proxy and the origin server. Change that to `sslproxy_cert_error deny all` and drop `DONT_VERIFY_PEER` unless you deliberately want that behaviour.

Since certificates are generated dynamically, the signing CA must be imported into every browser that uses Squid as an upstream proxy.
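As an added example that is not part of the original page or of the Squid project, the following POSIX shell script builds a dedicated CA for ssl-bump instead of reusing the snakeoil certificate, exports it in DER form for the browser import dialog, checks that a given certificate actually carries the CA basic constraint, and prints the matching http_port line. The output directory, file names, the CA's CN and the listening address 192.168.1.1:8123 are assumptions chosen for the example; the http_port options are the ones from the configuration above.

```shell
#!/bin/sh
# Added example (not from the original page or from Squid): generate a dedicated
# signing CA for Squid's ssl-bump, export it for browser import, and emit the
# http_port line that uses it. Directory, file names, CN and address are assumed.
set -eu

# Generate a CA key and a self-signed CA certificate in directory $1.
# Prints the path of the PEM certificate.
make_bump_ca() {
  dir="$1"
  mkdir -p "$dir"

  # An explicit config keeps the CA extensions identical across OpenSSL versions.
  cat > "$dir/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no

[ dn ]
CN = Example Squid Bump CA

[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

  # Private key: only the user Squid runs as should be able to read it.
  openssl genrsa -out "$dir/squid-ca.key" 2048 2>/dev/null
  chmod 600 "$dir/squid-ca.key"

  # Self-signed CA certificate, valid for five years.
  openssl req -x509 -new -sha256 -days 1825 \
    -key "$dir/squid-ca.key" -config "$dir/ca.cnf" \
    -out "$dir/squid-ca.pem"

  # DER copy: the form most browser import dialogs expect.
  openssl x509 -in "$dir/squid-ca.pem" -outform DER -out "$dir/squid-ca.der"

  echo "$dir/squid-ca.pem"
}

# Print "yes" if certificate $1 carries the CA basic constraint, else "no".
# Run it against /etc/ssl/certs/ssl-cert-snakeoil.pem to see why that one is
# a poor choice as a signing certificate.
is_ca_cert() {
  if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
    echo yes
  else
    echo no
  fi
}

# Print an http_port line using the CA from directory $1, followed by the
# directive that makes Squid refuse origins whose certificate fails validation
# instead of silently re-signing them.
print_squid_conf() {
  dir="$1"
  cat <<EOF
http_port 192.168.1.1:8123 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=$dir/squid-ca.pem key=$dir/squid-ca.key
sslproxy_cert_error deny all
EOF
}
```

Source the script and run `make_bump_ca /etc/squid3/ssl` (an assumed directory) as root, then hand `squid-ca.der` to each browser's Import… dialog and mark it as trusted to identify websites. To confirm that bumping works from a client, `openssl s_client -proxy 192.168.1.1:8123 -connect twitter.com:443` (the `-proxy` option needs OpenSSL 1.1.0 or later) should show the example CA as the issuer of the certificate it receives.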
After configuring Squid, you will get invalid-certificate errors on HTTPS pages until you install the signing certificate into the browser's trusted certificate store, which requires a browser that lets you do so. Do not skip this step: clicking "proceed anyway" only excuses the one page you are looking at, so scripts, images and other elements loaded from additional HTTPS origins will still be blocked and the page will render incompletely.
To install the certificate in Firefox, first visit an HTTPS page through the proxy, open the certificate details from the error dialog, select the issuing certificate in the hierarchy (the one configured as cert=, not the per-site certificate Squid generated) and export it to your desktop. Then go to Preferences→Advanced→Certificates→View Certificates and click the Import… button to add it to the browser as a certificate authority trusted to identify websites.
Good sites to test with are Twitter and Facebook, which serve all their content over HTTPS.