Hi,
if you speak about end-to-end SSL, you do mean that a client connects to the VIP in SSL, the ACE terminates the SSL connection, performs some load-balancing decisions, reencrypts the traffic and sends it, again encrypted, to the server.
For that to work, you need a key-cert pair to do the SSL termination ==> SSL -proxy server
For the SSL initiation (ACE to server traffic) you do not need a key-cert pair ==> SSL -proxy client
Take a look at following example on how this is configured:
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
HTH,
Dario