SSL Bridging - trying to understand "further" about Profiles>SSL>Server>serverssl

Your original assumption is correct. In most cases, you don't have to modify the default serverssl profile. The certificate and key options in the server ssl profile are for the odd chance that you want to pass a client certificate in the SSL handshake between the F5 and the backend server. It's always going to be a single static certificate, so this option is rarely used. In a typical SSL handshake, one that does not require mutual authentication, the server sends its certificate to the client and the client determines if it trusts that certificate. If you're familiar with the prompt a browser pops up if a server certificate isn't trusted, that's generally because either 1) you used an IP address in the address bar, 2) the server certificate is expired, or 3) you don't have an explicit chain of trust with the issuer of the server's certificate. The server SSL profile would experience that same thing, but is programmed to ignore certificate warnings in the absence of any specific configuration to act otherwise.