That is just your browser saying it does not recognize the signing authority on the SSL certificate. Which is completely normal since it's self-signed by Hyperic. You can select either of the "accept" options and will then be able to log into HQ over HTTPS.
As for configuring the server to only use SSL communication, there are a couple options. One would be to disable the HTTP connector in the HQ Tomcat. Another is to front your HQ installation with an Apache server (configured as a proxy or using mod_jk). Then use a firewall (iptables or Windows Firewall would work fine) to firewall the ports you do not want open (7080, 7443, etc) and only allow access to HQ via the SSL enabled Apache.
This would obviously require that you configure all your agents to talk to the server via this SSL channel (unless you have further advanced firewall configuration)