I believe I had the same problem when we tried this initially. Private SSL certificate only required on server side steelhead. Ensure that your branch and server steelheads have valid peering certificates to allow the traffic between them to be secured.
There are also quite afew options for the in-path rule, ensure it is far enough up the list to by-pass the default rule.
running 9.1.2c my server side in-path rule is as follows:-
destination subnet x.x.x.x/32 port 443
vlan tag all
preopt - ssl
latency opt Exchange Autodetect
data reduction: normal
my branch sh in-path rule looks identical.
Is it OWA or Exchange traffic that you want to optimize?
With OWA, you can use SSL cert with an auto discover rule that you have been already configured.
If the SSL cert consists of chain certs. Its better to check if the chain certs are discovered by the steelhead.
If not you have to add them to as CA and after that add them to the regarding SSL cert from ;
Configure › Optimization › SSL Main Settings > select the SSL cert > Chain tab > Add New Chain Certtificates
With Exchange, you have to join the DC SteelHead to the domain as RODC to optimize MAPI or May be these links can help;