repost from https://help.kaspersky.com/KWTS/6.0/en-us/166244.htm, whose Last review was on Jan 18, 2019

To configure SSL Bumping in the Squid service:

1. Make sure that the utilized Squid service supports the necessary options. To do so, execute the command:
   
   squid -v
   
   The configure options parameter must contain the --enable-ssl-crtd and --with-openssl values.

2. Go to the Squid service folder. To do so, execute the command:
   
   cd /etc/squid

3. Create a self-signed SSL certificate. To do so, execute the command:
   
   openssl req -new -newkey rsa:2048 -days <certificate validity period in days> -nodes -x509 -keyout squidCA.pem -out squidCA.pem
   
   You will be prompted to fill in the fields of the self-signed SSL certificate.

4. Please fill in the fields of the self-signed SSL certificate.

5. Create a trusted certificate to be imported into a browser. To do so, execute the command:
   
   openssl x509 -in squidCA.pem -outform DER -out squid.der

6. Import the squid.der file into the browsers of local computer users.
   The method used to import the squid.der file into a browser depends on the type of browser.

7. Configure the permissions to use a self-signed certificate file. To do so, run the following commands depending on the utilized operating system...
   
   . . . Details omitted. For this and the next two steps, i.e. steps 7,8,9, refer to the original article. . .

Finally, restart the Squid service. To do so, execute the command:

service squid restart

Configuration of SSL Bumping in the Squid service will be complete.