Hi,
The problem you face is that SSL communication is established before any HTTP transactions has been done. Therefore you won't be able to use an iRule to automatically select the good Certificate to use. Even within the BIGIP configuration you won't be able to handle this.
You will need to define 4 differents VS to do this or create a wildcard certificate (if your applications are appli1.mysite.com, appli2.mysite.com, ... you need a certificate for *.mysite.com)
Do you have any way to identify which application is requested except through the URI? (like source ip address, etc...)