Yes and no.
Yes: X.509 certificates almost always have either a keyUsage or a extendedKeyUsage extension, which regulates how the certificate is to be used. If you ommit the values dataEncipherment and keyEncipherment at this point and set it to something else (like digitalSignature) , every application adhering to the standard must not use the certificate's key for encryption.
No: Every X.509 certificate contains a public key which can theoretically be used to encrypt data, no matter what the standard orders you to do.
Bottom line: You can not technically prohibit someone from doing encryption with a key in a X.509 certificate. Your best shot is to set the keyUsage to a appropriate value and to use an ECC key instead of an RSA key, since ECC encryption is something that is not done very often.
There are protocol analysis programs that act as proxies. They allow you to view unencrypted HTTPS traffic. A couple of them are Fiddler and Burp Suite. I've used Fiddler before and it works fine. Separately Chrome and Firefox support the SSLKEYLOGFILE environment variable, which writes the SSL session key to a file, which Wireshark can consume. I'm guessing a browser is not the client endpoint of your SOAP protocol, so you couldn't use this directly. You could however implement the same support in your endpoint (if you can build the endpoint) – Χpẘ – 2017-05-03T16:27:17.203