Secure communications have been configured between CEM and the Apache Tomcat server using certificates.
3 ports actually have been defined for TOMCAT
7213 - has record of secured connection. 
7212 - has record of non-secured connection.
7215 - has no connection history

Given there is a port 7213 with secured connection, is it possible to shutdown the other two connections?

CEM to Tomcat

If 7213 is set up for TLS, then it should be fine to remove the other 2 definitions.
These definitions will be in either the server.xml uss file or **.CUSTOM.CFGLIB(CEMESRVX) member
depending on which file is in use.