

Mir_62083
Oct 05, 2013

iRule for SSL certificate based on uri

Hello everyone, I need to know whether it is possible to use different SSL certificates for the same virtual IP based on URI and then load balance them to two different pools.

 

Thanks in advance.

 

2 Replies

  • Not for URIs, no. But you can with host names. The URI is a layer 7 (i.e. HTTP) function. SSL negotiation happens before layer 7, so it's generally not possible to change how SSL negotiates based on the HTTP path requested. You can switch certificates used based on host name though, using Server Name Indicator (SNI) in v11, or by using wildcard or SAN certificates.

     

  • Can you give any links or examples for the above mentioned alternatives?

     

    Sure thing. As I said before, you can't evaluate a layer 7 attribute like the HTTP URI/path until AFTER the SSL handshake has completed, but you can evaluate the host name because it is generally a part of the SSL negotiation. There are essentially 3 ways to allow multiple HTTPS-based hosts to exist within a single IP address:

     

    1. Wildcard certificate - this is a single certificate with a "wildcard" subject. Example: "*.domain.com". This would cover any host that matches that domain name to successfully negotiate.

       

    2. Subject Alternative Name (SAN) certificate - like a wildcard but a bit more restrictive (and usually much cheaper). A SAN cert has a single subject name but potentially many subject alternative names.

       

    3. TLS Server Name Indicator (SNI) - this is an extension of the TLS protocol. A TLS-capable client (anything greater than WinXP for example) will send a server name attribute in the CLIENTHELLO message that starts the SSL handshake. BIG-IP version 11 and higher can use that server name attribute to switch the client SSL profile that it uses for that negotiation. You would create multiple client SSL profiles, each with its own server cert and key and specific server name value, and apply all of those profiles to the single virtual server configuration. Here's more detailed information on SNI:

       

    http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html?sr=32324709