
I was wondering how I could be able to see SSL requests in an unencrypted form from remote clients (specifically, my phone).

I heard that you are supposed to use CA certificates, but how would I generate one from the Linux command line that works for all websites?

Also, I saw a video where an ethical hacker is asked to hack someone's computer; the hacker manages to install the certificate on the victim's computer through social engineering, with a fake e-mail.

Is it possible to install a certificate on button click, or do you have to manually import it?

(Don't worry, I will not be using this on anyone except myself, unless given permission)

Thanks

  • There are many questions with answers here about man in the middle attacks. Your question is very unspecific (client is "my phone" - which might be an Android, iOS, Windows Phone... device), shows no real research and includes multiple separate questions (create CA certificates in Linux, howto import certificate in unspecific client). With a more specific question one could maybe point you to an answer which covers your question already or give a specific answer in case it was not covered before. But in the current form the question is too broad. – Steffen Ullrich Oct 15 '17 at 04:53

1 Answer


Is it possible to install a certificate on button click, or do you have to manually import it?

What do you think "manually importing" is? It's a piece of software that allows the user to select a certificate, and when clicking a button, it adds this certificate to the system. Meaning, of course such software is possible. (This should be a no-brainer.)

While e.g. Android had restrictions in the past that third-party programs weren't allowed to do so, it's now possible.

I was wondering how I could be able to see SSL requests in an unencrypted form from remote clients

To MITM TLS requests (TLS, forget about SSL), you need not only the certificate part, but access to the data itself too. It's easier to start with that.

A common solution for legitimate purposes is to make a proxy server and to configure your phone to use it. Meaning, if you call a website, your phone won't connect to it directly, but connect to the proxy server, and the proxy server connects to the website. This allows the proxy server to read any transmitted data (but not to decrypt it).

Now, for the decryption part: You might know that, when a TLS connection starts, the server and the client agree on an encryption method and so on, and the client checks (with the local certificate) if the server is the real server for the given address.
If your proxy server wants to decrypt the data, it has to act as the client when the connection starts, i.e. the TLS connection is between web server and proxy server. The problem is the other direction: After reading what the server sent, it has to be sent to the phone too (otherwise, the phone won't ever get a started TLS connection, and won't ever start to send sensitive data over it).

The key part of TLS now is, the proxy server is not able to re-encrypt the data in a way that the phone thinks it comes from the web server (meaning the phone will reject the connection, because it recognized that the other side is not the web server). The (technical, not legal) solution 1 is to steal the private key of the web server (which is saved on the web server, but hopefully not accessible by the public). If you had that, your proxy server could successfully trick the phone into thinking that it communicates with the web server. It's just, stealing the private key can be a bit hard. The other solution is to add your self-created certificate for the website to the phone, and the private key to the proxy server, to make the phone accept the proxy server as the legitimate web server too.

But now, you still have a tiny problem...

but how would I generate one from the Linux command line that works for all websites?

While you could easily look this up, it won't help you, because a certificate for all web sites is not possible. The data format (used by web servers, browsers etc.) just doesn't allow it. Meaning, you would need a custom certificate (on phone and proxy) for each website that exists, if you go that route.

To solve this on the phone side, create a custom CA certificate instead of a single website certificate. I.e. a certificate that can be used to create more certificates, and if your phone has the parent cert, it trusts all children too. And on the proxy side, your proxy software needs to generate website certificates on the fly for each new connection. There's already software that is able to do this.

deviantfan
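To make the last two paragraphs of the answer concrete, here is an added example (not from the original answer) that uses openssl on Linux to build a throw-away CA, sign a certificate for one constructed hostname with it, and then check that certificate against a store that contains the CA and against one that does not. The CA names and the hostname www.example.test are made up; nothing is installed anywhere.

```shell
#!/bin/sh
# Added example: a lab CA, one leaf certificate signed by it, and the
# trust decision a client makes with and without that CA in its store.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# Self-contained request config, so the result does not depend on the
# system's openssl.cnf. The CA is marked as a CA via basicConstraints.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
CN = Lab Test CA (constructed)
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
# Extensions for the leaf: an ordinary server certificate for one name.
cat > "$WORK/leaf.ext" <<'EOF'
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
EOF
# 1. Self-signed CA certificate and private key (what the answer says
#    goes onto the phone and the proxy, respectively).
openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$WORK/ca.cnf" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
# 2. Leaf key and CSR for one hostname, signed by the CA. This is the
#    per-site step that has to be repeated for every hostname.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
  -config "$WORK/ca.cnf" -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 30 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.crt" 2>/dev/null
# 3. An unrelated CA, standing in for a device that never got our CA.
openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -subj "/CN=Other CA" \
  -config "$WORK/ca.cnf" -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
# trust_decision CAFILE: "trusted" if the leaf chains to CAFILE, else
# "rejected". This is the check the phone performs on the handshake.
trust_decision() {
  if openssl verify -CAfile "$1" "$WORK/leaf.crt" >/dev/null 2>&1; then
    echo trusted
  else
    echo rejected
  fi
}
echo "store with lab CA:    $(trust_decision "$WORK/ca.crt")"
echo "store without lab CA: $(trust_decision "$WORK/other.crt")"
```

The second line of output is the rejection the answer describes; the first shows why a CA certificate, once installed, covers every certificate it signs, which is what makes installing an unknown CA on a device so consequential.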