Forum Discussion
HTTPS rewrite to HTTP.
If I understand Archie correctly, he's talking about a forward proxy function - internal users accessing external content through a content filter that is load balanced by the BIG-IP. You could indeed implement a wildcard certificate in a client SSL profile, but that would only apply to some (very small) subset of external hosts given that a wildcard CANNOT exist for a one-level deep TLD (ex. *.com).
An option here would be the Forward SSL Proxy feature new in version 11.3. This feature allows you to put a local (subordinate) certifying authority (CA) certificate on the BIG-IP that will, on-the-fly, issue local versions of the remote site's server certificates. The local clients must be configured to trust this CA certificate to avoid certificate errors. This would allow you to decrypt and inspect the outgoing traffic. More information can be found here:
Manual Chapter: Implementing SSL Forward Proxy on a Single BIG-IP System
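The wildcard limitation described in the reply above, as an added example that is not part of the original post: a sketch of the name-matching rules clients apply to wildcard certificates, showing how few outbound hosts a single wildcard in a client SSL profile can cover. The function names, the sample hostnames and the short suffix set (a stand-in for the Public Suffix List) are constructed for illustration.

```python
# Added illustration; hostnames and the suffix set are constructed sample data.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}  # tiny stand-in for the Public Suffix List

def wildcard_covers(pattern: str, host: str) -> bool:
    """Return True if certificate name `pattern` is acceptable for `host`.

    Rules modelled (RFC 6125 style, as browsers apply them):
      - comparison is case-insensitive, label by label
      - '*' is only honoured as the entire leftmost label
      - '*' matches exactly one label, never zero and never several
      - a wildcard directly over a public suffix (e.g. *.com) is rejected
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "" in p or "" in h:
        return False                      # empty label: malformed name
    if "*" not in pattern:
        return p == h                     # exact-name certificate
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False                      # partial or non-leftmost wildcard
    base = ".".join(p[1:])
    if not base or base in PUBLIC_SUFFIXES:
        return False                      # "*" alone or "*.com"
    return len(h) == len(p) and h[1:] == p[1:]

def coverage(pattern, hosts):
    """Split hosts into those the certificate covers and those that would error."""
    covered = [h for h in hosts if wildcard_covers(pattern, h)]
    return covered, [h for h in hosts if h not in covered]

# Constructed list of destinations internal users might browse to.
SAMPLE_HOSTS = [
    "www.example.com", "mail.example.com", "example.com",
    "a.b.example.com", "www.example.net", "login.bank.example.org",
]

if __name__ == "__main__":
    for cert_name in ("*.example.com", "*.com"):
        ok, bad = coverage(cert_name, SAMPLE_HOSTS)
        print(f"{cert_name}: covers {ok}; certificate error for {bad}")
```

Every host in the second list would need its own certificate, which is the gap the on-the-fly issuance in SSL Forward Proxy fills.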