Tomcat is already installed, and I suspect it's doing its' job.
If so, all you need to do is find the "how to install a certificate into Tomcat" guide.
[which is likely already posted somewhere on this site - as well as the Internet - no need to reinvent any wheels]
If not, or to simplify matters, I would put Tomcat behind an nginx secured proxy.
Let Tomcat do the web serving and nginx do the certs.