While working on a customer issue, we've come to find out that we don't actually provide an easy way to generate the encrypted string needed for use in the APM Jetty configurations. We do, however, have a nice KB article written by CA Support that details the procedure.
So I took that information and cloned the password script (SHA2Encoder.bat) to create JettyEncoder.bat. The script works the same way; just provide the password you want to encrypt and it will output the OBF string you need for your Jetty setup.
NOTE: Before you run the script, please update the variable JETTY_CLASSPATH. The location of the two JAR files needed may be different depending on your APM version. This was tested with 10.5.1.8 HFX9.
The script is attached to this blog for your use. Place the file in <EM_HOME>\tools.
Update: I have updated some comments in the script and provided a Linux/Unix version.
Just for completeness, here is the link for the official Jetty documentation: Jetty/Howto/Secure Passwords - Eclipsepedia
Again, thanks to grara06 for showing the way, and to Raja (SE) for the cipher suite details (another discussion for another time).