The easiest way is to go to Admin Console > Server Settings > Secirity Settings and select Required under Client Connection Security (then press Save Settings and maybe restart the server). Of couse your client should support SSL connections (Spark does and most other clients too).
In that case Openfire will use its own self-signed certificates generated during the server installation to encypt the messages.
If you want to use your own certificates, then this is a completely different story with some issues, but i have no exprertise in that. In general, you should then go to Server Certificates menu and try to import your own certs.