Tamer,
In brief, to terminate the SSL connection you will need a Client SSL Profile configured and applied to the Virtual Server. If you need to re-encrypt to the backend webserver then you would also need a Server SSL Profile configured and applied to the Virtual Server (note, most times the default serverssl profile will work fine).
You will need to export the cert/key from the existing web server, import onto the BIG-IP and associate with the new Client SSL Profile.
Client certificate Authentication will require the Trusted CA certificate configured on the BIG-IP, perhaps a Root or Intermediate CA cert. Normally this would be from an internal PKI. You just configure the Client SSL profile to accept client certs signed from a particular Trusted Authority.
See the following links for more granular help:
Managing SSL certificates for BIG-IP systems using the Configuration utility
Overview of the Client SSL profile
Hope this helps,
N