Indeed there is some mess in the BSM 9.13 Hardening guide. There is a dedicated section explaining how to configure SSL for application users, but sections explaining how to configure SSL for data collectors are gone. Even though in BSM 9.01 Hardening guide they are available.
So to answer your question - yes, it's possible to configure SSL for application users and data collectors independently.
Thanks! Beyond enabling SSL on my web server (IIS) (and making SSL "required", or not??), can you expand a little bit on what else is required on the BSM side? Just changing the URL's in Inf. Settings as described in the guide?