Forum Discussion
Need of SSL Server Profile
ClientSSL and serverSSL profiles are quite similar but they are quite different at the same time (hope this makes sense). The important thing to understand is that clientSSL manages the client side of the connection and serverSSL the server side. Remember, BIG-IP is a full proxy; no matter what, client and server connections are different.
When you configure clientSSL and set the certificate and key, they will be used when the SSL handshake happens between the client and your BIG-IP. In your serverSSL profile this configuration has a different meaning due to the server-side context: the certificate and key will be used by the BIG-IP as a client in the server-side connection, hence it will use the certificate to authenticate itself to the server. During the SSL handshake it will present the certificate you have in your profile to the server as an authentication mechanism. Honestly this is not very usual but the option is there.
Given this, you have several options to configure your BIG-IP: SSL offload, SSL bridge, SSL forward, etc.
90% of the time you will use SSL offload or SSL bridge, that's my experience. SSL offload only requires a clientSSL profile; on the server side you configure your pool of web servers on the HTTP port and the traffic goes in plain. SSL bridge adds the serverSSL profile to get the traffic encrypted again, hence you need your pool configured to send traffic to the SSL port (and yes you still need a certificate, it can be any as this one is not exposed to the client).
Regarding session keys, this is something negotiated between the peers during the SSL handshake, it is not something really initiated on one side.
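The SSL offload and SSL bridge setups described above, written as tmsh commands. This is an added example, not part of the original posts: every object name, address and certificate file name is constructed, and the certificate, key and CA files are assumed to be already imported on the BIG-IP.

```tmsh
# Constructed example objects: names, IPs and cert files are placeholders.

# Pools: plain HTTP members for offload, TLS members for bridging.
create ltm pool pool_web_http members add { 10.0.0.11:80 10.0.0.12:80 } monitor http
create ltm pool pool_web_https members add { 10.0.0.11:443 10.0.0.12:443 } monitor https

# Client-side profile: this cert/key is what clients see in the handshake.
create ltm profile client-ssl example_clientssl defaults-from clientssl cert-key-chain add { example_chain { cert example.crt key example.key } }

# SSL offload: clientssl only, traffic to the pool goes in plain HTTP.
create ltm virtual vs_offload destination 192.0.2.10:443 ip-protocol tcp profiles add { tcp { } http { } example_clientssl { context clientside } } pool pool_web_http

# SSL bridge, minimal form: the built-in serverssl profile re-encrypts
# toward the pool. It carries no cert/key and its default
# peer-cert-mode is "ignore", so the pool member's certificate is
# accepted without validation.
create ltm virtual vs_bridge destination 192.0.2.11:443 ip-protocol tcp profiles add { tcp { } http { } example_clientssl { context clientside } serverssl { context serverside } } pool pool_web_https

# SSL bridge with backend verification: the BIG-IP checks the pool
# member's certificate against a CA bundle and an expected name.
create ltm profile server-ssl example_serverssl_verify defaults-from serverssl peer-cert-mode require ca-file example_backend_ca.crt authenticate-name web.example.internal

# Optional: cert/key on the server-ssl profile. Here the BIG-IP acts as
# the TLS client and presents this certificate to the backend server
# (only useful when the server requests client authentication).
create ltm profile server-ssl example_serverssl_mtls defaults-from example_serverssl_verify cert bigip_client.crt key bigip_client.key

# Swap the server-side profile on the bridge virtual server.
modify ltm virtual vs_bridge profiles delete { serverssl }
modify ltm virtual vs_bridge profiles add { example_serverssl_verify { context serverside } }
```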
Hi Daniel,
So, for the client side SSL, I usually get the cert from my customer and create the client side SSL profile. Would the same apply to the server side SSL connection or could I use one of the available server side SSL profiles?
Thanks.