You specifically asked about the server SSL profile. In the server side SSL handshake, where the BIG-IP is the client, the server will send its certificate. The default behavior of the server SSL profile is to ignore any validation errors, so you can simply just use a generic server SSL profile. You can, optionally, require the server SSL profile to validate the web server's certificate, in which case you'd need to add a CA bundle to that profile and set the appropriate options in the Server Authentication section of the profile.
But again, you shouldn't normally have to do any of this. The default behavior is to ignore validation errors, so a generic (unmodified) server SSL profile will usually do just fine.