Annotations on EJB3 Web service class like this provided us with expected results - soap address was HTTPS, regardless of way of accessing WSDL (http/https). serverAuthPolicy is policy we have configured. | @WebService(serviceName = "zzzzzz", | name="zzzzzz", | portName="zzzzzzPort", | targetNamespace ="http://www.zzzzzz.com/zzzzzz") | @SecurityDomain("serverAuthPolicy") | @PermitAll | @WebContext( | authMethod="CLIENT-CERT", | transportGuarantee="CONFIDENTIAL", | contextRoot="zzzzContextRoot", | secureWSDLAccess=false | ) | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4203680#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...