You use a SSL Certificate with Tomcat when you need to request resources via https.
These days you definitely have to use SSL for everything from business websites to APIs. In many cases Tomcat is used as an API server supporting web services.
To use a SSL certificate with Tomcat you need to get a SSL certificate from a recognized Certifying Authority (CA) such as Sectigo (Comodo), RapidSSL, Thawte, and GeoTrust.
For this you need to setup a keystore and generate a certificate signing request (CSR). You can then use this CSR to get a SSL certificate from a CA.
Once you get the SSL certificate you need to set it up in your keystore and then configure Tomcat to use it’s SSL Connector.
Refer: Simple Step-By-Step Guide To Apache Tomcat SSL Configuration