If the server has been set up without support for TLS, you can enable it after the fact by obtaining a certificate chain, configuring key and trust manager providers, and configuring connection handlers.
The process for obtaining a certificate has already been discussed in depth. Use
manage-certificates (or some other tool) to prepare a Java KeyStore
(JKS) or PKCS #12 key store with an appropriate certificate chain and private key. You
should also create a trust store for use by the server.