If you already have an SSL certificate through a certificate authority such as Thawte or Verisign, all you have to do to use it with the Pentaho BA Server and User Console is configure your application server to use it. Apache provides documentation for configuring Tomcat for CA-signed certificates: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. Just follow those procedures, and skip the sections below that deal with self-signed SSL certificates.
After the application server is configured to use your certificate, you must modify the base URL tokens for both the BA Server and the User Console. Make sure you follow the directions for changing the BA Server Base URL; without executing those changes, your server will not work over HTTPS.