So it means that the only place where I need certificate is F5 and there is no need to generate certificate request from Exchange actually, you can create CSR on either bigip or exchange server. after getting certificate from CA, you are able to use it anywhere e.g. bigip, exchange server, etc.
also no need to import any Exchange certificate from Exchange on F5if you have certificate (and private key) already on exchange server, you do not need to create a new CSR. what you have to do is to copy the certificate (and key) from exchange to bigip. on exchange server, you have choice to run either http or https. in case of https, you are able to use the same certificat (and key) as bigip or you can create a new self-signed certificate (and key).
hope this helps.