First, you need to make the VIP decrypt the traffic. So you need an SSL certificate to terminate the HTTPS sessions on the VIP side.
After that, you will need an irule. Here is an example:
The following iRule example illustrates how the BIG-IP system can find a cookie called jsessionid in the first response from the server and add a persistence record with the value of that cookie. Subsequent client requests containing the same cookie name and value pair persists to the same pool member.
when HTTP_RESPONSE {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist add uie [HTTP::cookie "JSESSIONID"]
}
}
when HTTP_REQUEST {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist uie [HTTP::cookie "JSESSIONID"]
}
}
https://support.f5.com/csp/article/K7392
If you need the traffic to the server from the F5 to be also encrypted you will need an SSL server profile.
https://support.f5.com/csp/article/K14806
here is how to export a SSL cert:
https://manage.accuwebhosting.com/knowledgebase/1240/How-to-export-an-SSL-certificate-from-Apache-server.html
here is how to import it:
https://my.f5.com/manage/s/article/K14620