You can define an SSLConfig section within your [wowza-path]/conf/VHost.xml file for the Admin HostPort. You can either do it properly with a CA cert, or create your own self-signed certificate.
As an example using a self signed key store called keystore.jks placed in the /conf directory, edit the VHost.xml file and navigate to the HostPort called "Default Admin"
Add the following node within <HostPort> (see the usually commented out port 443 in the file as an example)
You would then access the admin URL's using HTTPS instead of HTTP. You can leave the port as 8086,
or set the port to 443, in which case you don't need to specify it in the URL. Do ensure this will not clash with any other secure ports defined in Wowza.
Most browsers complain these days when using self-signed keys, but you can usually bypass the warning, or set it up properly using a valid CA.