Forum Discussion
SSL offload verification
I want to know what the best practice is in this scenario: should we use different certificates for client-ssl and server-ssl?
Generally speaking, the F5 is a full layer 4-7 proxy, so the client SSL session is completely separate from the server SSL session. The client SSL profile will affect how the F5 establishes an encrypted session with the client, and the server SSL profile will affect how the F5 establishes an encrypted session with the server. In many cases, you don't have to specify a certificate at all in the server SSL profile, as this will be a generic (non-client) SSL session. This is, however, dependent on what the web server requires. You also don't have to re-encrypt the traffic at all. You could simply terminate the client side SSL and pass the unencrypted traffic to non-SSL web servers. Again, depending on your environment, these web servers are being protected by a default-deny security appliance. You may also save yourself some processing overhead by offloading the SSL at the F5 and not requiring it on the server side.
Is there any way we can verify SSL offloading through packet traces?
If you're offloading SSL on the client side and re-encrypting on the server side, then all ingress traffic (traffic coming to the F5) and egress traffic (traffic leaving the F5) will be encrypted. If you want to verify that the F5 is successfully offloading the SSL, simply apply a layer 7 profile to the VIP (ex. HTTP) and attempt to process layer 7 data in an iRule. Example:
when HTTP_REQUEST {
    log local0. [HTTP::host]
}
If this displays the request Host header in the LTM log, then you know SSL is being offloaded and that the F5 has access to the unencrypted payload in the middle.
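The packet-trace question above and the answer that follows it can be combined into one check. The script below is an added example, not code from the original thread or from F5: it classifies the first payload bytes of a TCP stream captured on the client-side and server-side legs of a virtual server as a TLS record, cleartext HTTP, or unknown, and then reports which offload mode the trace is consistent with. The captures it runs on are constructed inline; in practice you would take them from a tcpdump on the BIG-IP and extract the first data segment of each flow with a pcap library of your choice. The function and variable names are this example's own.

```python
"""
Classify TCP payloads from a packet trace to check SSL offload behaviour.

Added example (not from the original DevCentral thread). Feed it the first
payload bytes seen on the client-side leg and on the server-side leg of a
virtual server; it tells you whether each leg is TLS or cleartext HTTP.
"""
from typing import Dict, Iterable, Tuple

# A TLS record starts with content type 0x16 (handshake) followed by a
# two-byte legacy version. TLS 1.3 ClientHellos still use 0x0301 or 0x0303
# in the record header, so all of these map to "tls".
TLS_RECORD_VERSIONS = {0x0300, 0x0301, 0x0302, 0x0303, 0x0304}

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def classify_payload(payload: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the first bytes of a TCP stream."""
    if len(payload) >= 5 and payload[0] == 0x16:
        version = int.from_bytes(payload[1:3], "big")
        if version in TLS_RECORD_VERSIONS:
            return "tls"
    if payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/1."):
        return "http"
    return "unknown"


def summarize_legs(flows: Iterable[Tuple[str, bytes]]) -> Dict[str, str]:
    """Map each leg ('client' or 'server') to the first recognisable payload type."""
    summary: Dict[str, str] = {}
    for leg, payload in flows:
        kind = classify_payload(payload)
        # Keep the first conclusive classification per leg; ignore noise.
        if kind != "unknown" and leg not in summary:
            summary[leg] = kind
    return summary


def offload_mode(summary: Dict[str, str]) -> str:
    """Interpret the per-leg summary in terms of the F5 SSL configuration."""
    client = summary.get("client")
    server = summary.get("server")
    if client == "tls" and server == "http":
        return "offloaded"            # client-ssl only: cleartext to the pool
    if client == "tls" and server == "tls":
        # Re-encryption (client-ssl + server-ssl) and plain TCP passthrough
        # look identical in a trace; only a layer 7 profile / iRule check
        # such as logging [HTTP::host] can distinguish them.
        return "encrypted-both-legs"
    if client == "http" and server == "http":
        return "no-tls"
    return "inconclusive"


# Constructed sample payloads (not a real capture): a truncated ClientHello on
# the client leg and a cleartext GET on the server leg.
SAMPLE_FLOWS = [
    ("client", bytes.fromhex("16030100c4010000c00303") + b"\x00" * 16),
    ("server", b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("server", b"\x00\x00"),  # stray empty segment, classified as unknown
]


def check_sample() -> str:
    """Run the classification over the constructed sample and return the mode."""
    return offload_mode(summarize_legs(SAMPLE_FLOWS))


if __name__ == "__main__":
    legs = summarize_legs(SAMPLE_FLOWS)
    for leg, kind in legs.items():
        print(f"{leg}-side leg: {kind}")
    print("offload mode:", offload_mode(legs))
```

When both legs come back as TLS, the trace alone cannot tell re-encryption apart from a plain TCP virtual server passing TLS straight through, which is exactly why the answer above recommends attaching an HTTP profile and logging a header from an iRule: if the iRule sees the Host header, the F5 is terminating the client session and holds the cleartext in the middle.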