Just one thing there: most browsers today consider certificates as unsafe when the Subject Alternative Name is not populated with the correct hostname, so when you create the CSR, be sure to also fill out the Subject Alternative Name field.
Note that you don't need to export the private key from F5.
Now for the parts not covered in K14620...
1. Signing the CSR.
I like using openssl for the key/CSR/certificate checking, but honestly it's way easier to use a software like SimpleAuthority to create a CA and create or sign certificates. You can get it here: https://simpleauthority.com/
2. Making your own CA trusted in client machines
Export the public CA certificate to a PEM format or any other you prefer. In windows, click the file. Click the "Install Certificate..." button, it should open the "import certificate" wizard. Choose Current User or Local Machine. In the next step don't use the automatic option; force the certificate to be installed in the "Trusted Root Certification Authorities".
3a. Putting it all together v1 (full SSL offload)
Your Virtual Server will need at least 2 profiles: HTTP and Client-SSL. The client SSL profile will use the certificate and key you created, like explained in the article. If you're using plain HTTP on the server side, that's it.
3b. Putting it all together v2 (HTTPS in the backend)
Some organizations require full encryption also on server side. If this is the case you will also need a Server-SSL profile. You can use the default "serverssl", it'll gobble anything, including invalid certificates.