ryan_rockwell_1
Feb 24, 2014

Unencrypt/iRule/Re-encrypt

New to iRules so bear with me.

 

I have a site that is using SSL all the way to the servers (no offloading). It is under https://www.abc.com/qualifier. I want to redirect to https://www.xyz.com/qualifier. This is simple enough under HTTP but without SSL offloading I'm kinda stuck.

Instead of SSL passthru can I do something like: SSL decrypt with abc certificate, iRule URI rewrite, SSL encrypt with xyz certificate?

I know this is kind of a simple example but I don't know what else to do other than build out a separate pool, but even that will have trouble with the rewrite rule.

 

5 Replies

  • John_Alam_45640
    Historic F5 Account

    If you just want to redirect, why do you think you need to re-encrypt with xyz certificate?

    You only need to decrypt the traffic destined to abc using that cert and issue a redirect. What happens when the client hits xyz is another story. You did not specify if that traffic comes back to the same bigip but, if it did, you don't have to decrypt that.

     

    HTH

     

  • Do you want to use the same VIP for both www.abc.com / www.xyz.com?

     

    If so you will need to apply a clientssl profile with the cert/key for www.abc.com and www.xyz.com (using the Subject Alternative Names feature of the cert), and use the default serverssl profile (to re-encrypt).

     

    Then it's not really clear if you want to send both FQDN to the same pool......

     

  • Unfortunately it's not just a redirect. There are 2 different companies' traffic coming to the same URL, they are just split by URI, i.e. www.abc.com/rst and www.abc.com/uwv. rst traffic needs to continue on to the same pool with encryption on the original cert while uwv needs to be redirected to a new URL with a new cert to a new virtual server, i.e. www.xyz.com/uwv.

     

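  • Here is the iRule matching what you gave us:

    when HTTP_REQUEST {
      # Exact match on the full request URI
      switch [HTTP::uri] {
        "/rst" { 
          # rst traffic continues on to the HTTPS pool
          pool your_https_pool
        }
        "/uwv" { 
          # uwv traffic is redirected to the new hostname
          HTTP::redirect "https://www.xyz.com/uwv"
        }
      }
    }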
    
  • The solution I came up with is to unencrypt at the F5 using the original certificate (client SSL profile), apply an iRule that rewrites the uwv URL to https://www.xyz.com/rst and then re-encrypt (server SSL profile) traffic to the original pool with the original certificate. That way traffic that goes to https://www.abc.com/rst flows as normal and traffic that goes to https://www.abc.com/uwv gets rewritten to https://www.xyz.com/uwv and uses the new xyz certificate.
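
The decrypt, iRule, re-encrypt flow discussed in this thread, as an added example that is not code from any poster: it goes beyond the exact-match rule above by matching path prefixes and carrying the rest of the path and query string into the redirect. Assumptions: the www.abc.com virtual server has a client SSL profile with the abc certificate and a server SSL profile, `your_https_pool` is the placeholder pool name used earlier in the thread, and unmatched paths should fall through to the virtual server's default pool.

```tcl
# Added example. HTTP_REQUEST only fires on decrypted traffic, so the
# virtual server needs a client SSL profile (abc certificate). The server
# SSL profile re-encrypts whatever is sent on to the pool.
when HTTP_REQUEST {
    # Only act on the abc hostname; strip any :port from the Host header.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    if { $host ne "www.abc.com" } {
        return
    }

    # Match on the path only (query string excluded), case-insensitively.
    switch -glob [string tolower [HTTP::path]] {
        "/rst" -
        "/rst/*" {
            # Stays on the original pool with the original certificate.
            pool your_https_pool
        }
        "/uwv" -
        "/uwv/*" {
            # The target host is a fixed literal, so client input can only
            # influence the path and query, never where the redirect points.
            HTTP::redirect "https://www.xyz.com[HTTP::uri]"
        }
        default {
            # Assumption: everything else uses the virtual server's default pool.
        }
    }
}
```

The client follows the redirect with a new TLS connection to www.xyz.com, so the xyz certificate belongs on the client SSL profile of the virtual server that answers for that hostname.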