This description should roughly contain following steps:

• create a new socket binding for https listener
• create an Undertow https listener which requires client authentication using SSL, bound to the socket binding created earlier
• add a Remoting https-remoting connector to the https listener
• configure the EJB client to connect to the HTTPS listener and be able to present its SSL certificate to the server

If possible, this should also describe the differences how this works with PicketBox and how with Elytron.

This test case implements a similar scenario (using PicketBox) https://github.com/jbossas/jboss-eap7/blob/7.x/testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/ejb/ssl/SSLEJBRemoteClientTestCase.java so it can be used for inspiration