Tomcat and SSL
It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a standalone web server.
When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return clear-text responses, which will then be encrypted by the primary server before being returned to the user’s browser.
In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself.
p>Source: Tomcat and SSL