There are actually two checks that need to be performed: -
1 - If a secure port is required then a security realm must be associated with the interface.
2 - That security realm must supply an SSLContext
For #1 that can at least be validated in the model at the end of stage MODEL. This will need to be validated for both standalone mode and domain mode - each of these use independent resource definitions.
#2 will have to wait until RUNTIME where we have the opportunity to check that the injected realm does supply a SSLContext.