Does the cert and private key already exist somewhere else (i.e are you moving this SSL from another server to the BigIP?). If so, then you simply need to export he cert and key from the original location and import them into the BigIP. If you look under the local traffic management menu of the BigIP, there's an item for SSL certificates. In there you can import keys and certificates.
If it's a new cert you need, then create a new key from the BigIP GUI (At least 2048 bits in length) with the correct CN and other info, then submit the CSR (Certificate SIgning Request) to a suitable CA, pay them some dosh and they'll send you a signed vert. You them import that into the BigIP.
Once the cert and key are on BigIP you just need to create new clientssl profile and attach that to the VS you want to have perform the SSL Offload function.
H