Endevor Web Services and AT-TLS


Article ID: 394489


Updated On:

Products

Endevor

Issue/Introduction

Endevor Web Services uses plain HTTP on port 8443, and the AT-TLS Policy Agent is enabled for that port.

Tomcat server.xml is configured to use plain HTTP:
<Connector port="8443" protocol="HTTP/1.1"
           connectionTimeout="20000" />

Running the netstat command against the Tomcat port shows that the AT-TLS policy is in place. However, healthcheck validation works only over HTTP and not over HTTPS, so the AT-TLS policy is not working as expected.

 

Environment

Endevor V19

Cause

The ApplicationControlled parameter in the AT-TLS policy is set to On.

According to the IBM documentation:
ApplicationControlled
Specifies whether the application can control AT-TLS security for a connection. Valid values are:
Off - An application cannot control AT-TLS security. The connection automatically negotiates AT-TLS security.
On - An application can control AT-TLS security. AT-TLS security is used only when requested by the application, using the SIOCTTLSCTL ioctl.

Resolution

Update the AT-TLS policy and set ApplicationControlled Off.
After the AT-TLS policy is updated, only the HTTPS protocol can be used to access Endevor web services.
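
One way to audit a policy file for the setting described under Cause, as an added example that is not from the original article, Broadcom or IBM: it lists every TTLSRule covering a given port that reaches "ApplicationControlled On", inline or through a Ref statement. The sample policy is constructed and trimmed to the statements the check reads; the names EndevorWS and env_ws and all function names are assumptions, and precedence between environment and connection actions is not modelled.

```python
import re

# Constructed sample policy; EndevorWS and env_ws are placeholder names.
SAMPLE = """\
TTLSRule EndevorWS
{
  LocalPortRange 8443
  TTLSEnvironmentActionRef env_ws
}
TTLSEnvironmentAction env_ws
{
  TTLSEnvironmentAdvancedParms
  {
    ApplicationControlled On
  }
}
"""

FLAG = re.compile(r"ApplicationControlled\s+On\b", re.I)

def top_level_blocks(text):
    """Map (statement, name) -> body text for every top-level 'Stmt name { ... }'."""
    text, blocks, depth, start = re.sub(r"#.*", "", text), {}, 0, 0
    for m in re.finditer(r"[{}]", text):
        depth += 1 if m.group() == "{" else -1
        if m.group() == "{" and depth == 1:      # a top-level block opens
            head, body_at = tuple(text[start:m.start()].split()[-2:]), m.end()
        elif depth == 0:                         # ... and closes
            blocks[head], start = text[body_at:m.start()], m.end()
    return blocks

def reachable(blocks, body, seen):
    """Yield `body`, then the body of every block it reaches via '<Stmt>Ref name'."""
    yield body
    for ref in re.findall(r"(\w+)Ref\s+(\S+)", body):
        if ref in blocks and ref not in seen:
            seen.add(ref)
            yield from reachable(blocks, blocks[ref], seen)

def app_controlled_on(policy, port):
    """TTLSRule names covering `port` that reach 'ApplicationControlled On'."""
    blocks = top_level_blocks(policy)
    hits = []
    for head, body in blocks.items():
        # Accepts a single port or a two-number range on the same line.
        rng = re.search(r"LocalPortRange\s+(\d+)(?:[ \t-]+(\d+))?", body)
        if head[0] != "TTLSRule" or not rng:
            continue
        lo, hi = int(rng[1]), int(rng[2] or rng[1])
        if lo <= port <= hi and any(FLAG.search(b) for b in reachable(blocks, body, set())):
            hits.append(head[-1])
    return hits
```

An empty result for port 8443 after the policy change means no rule for that port still leaves TLS negotiation to the application.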