Your WCF service's web.config settings and the IIS application settings must remain in sync for SSL to work correctly.
Setting the endpoint address to https doesn't force clients to use SSL:
<endpoint address="https://machine.domain.com/path/Application.svc"
To require SSL in the web.config, you'll want to change the behavior:
<behaviors>
<serviceBehaviors>
<behavior name="generalBehaviorConfiguration">
<serviceMetadata httpsGetEnabled="true" />
At this point if the client tries to access with https, all is well - but if they try with https, they get a somewhat confusing error:
The resource cannot be found
Turning on "Require SSL" in the IIS settings for the site will result in the client getting a 403 error, which makes more sense.
Now if you have followed the above steps to require SSL, then Visual Studio won't immediately find the service reference when you try to add it (or update, if you've reconfigured.) It will try to use http.
The solution is simple enough: In the Add Service Reference dialog, discover the services and select the one you wish to add. Then add an 's' to the http in the Address box.
A related note:
I've been deleting the .disco, .wsdl, and .xsd files from my project after adding and updating service references. They aren't needed to compile the project, and we had issues with source control (Team Foundation Server) with multiple developers updating the service references.
To see these you'll need to turn on the "show all files" option in solution explorer.