Hi Anthony,
I managed to make "Live Office 4.1 SP7" work in full HTTPS mode with Tomcat server + WACS. 
Following SAP note 1618311, made for BO XI 3.1 to solve a BI 4.1 SP7 WACS problem was a very bad idea, claimed by a guy on an other thread as having solved his BI 4.1/WACS+HTTPS problem. 
In my case, in HTTPS properties of WACS, the hostname must be used but "localhost" must not (as shown in the note. Perhaps it was OK with BO XI 3.1).
Moreover, I had to use a true certificate signed by an official CA. In fact I use for WACS the same keystore than the one used by Tomcat server.
NB: it is possible to do a test with a self-signed certificate but you have to install in IE the self-signed root CA certificate used to generate certificate for Tomcat server in keystore.
In axis2.xml of "dswsbobje" in Tomcat tree, indeed it's no use activating RESTful but HTTPS connector must be activated by removing marks for comments and port must be set to the value of HTTPS port of Tomcat server.
In LO options, I use this public HTTPS URL:
https://vm-bobi41.xyz.com:443/dswsbobje/services/Session
In RESTful web service properties, I use this public HTTPS URL:
https://vm-bobi41.xyz.com:8443/biprws
"Web Service URL" does not seem to be used by "Live Office" I keep the original HTTP value:
http://vm-bobi41:6405/dswsbobje
I wonder in what case this URL is used... What product uses it ???
To check that all is well encrypted between client and server, I used a fantastic free tool I've just discovered: "Fiddler" from Telerik.
It even gives cipher suites proposed by the client and cipher suite accepted by the server ! 
I've discovered user/password and data are all transiting by Tomcat server with "dswsbobje" service.
I hope it's quite understandable... It's late and my english may become muddled... 
Regards,
Stéphane.