Welcome to Cloud Jim, try to keep up
 
Below is an example on how to accomplish two way SSL authentication in WCF using certificates with the added bonus of salesforce setup.

The prerequisites for securing the service is to have a signed certificate for both server and client. If there are more than one client, make sure you have a certificate for each client.

Place the cert file from the client to server in
Certificates(Local Computer) -> Personal -> Certificates
Certificates(Local Computer) -> Trusted People -> Certificates 
*Optional but this could be required
*Certificates(Local Computer) -> Trusted Root Certification Authorities -> Certificates  

For client, the CERTIFICATE_NAME referenced below is the client's certificate name. This is using the client's private key to sign the message during the transport.

Example configuration files:
- Server endpoint service config file
- Client config file with Certificate Authentication via Code
- Client config file with Certificate Authentication via config
- Salesforce client setup

Server endpoint service config file

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.serviceModel>

    <services>

      <service name="YOUR_NAMESPACE.YOUR_CLASS" behaviorConfiguration="SSLBehavior">

        <endpoint binding="basicHttpBinding" bindingConfiguration="SecureBinding" contract="YOUR_NAMESPACE.IYOUR_CLASS"></endpoint>

      </service>

    </services>

    <bindings>

      <basicHttpBinding>

        <binding name="SecureBinding">

          <security mode="Transport">

            <transport clientCredentialType="Certificate"></transport>

          </security>

        </binding>

      </basicHttpBinding>

    </bindings>

    <behaviors>

      <serviceBehaviors>

        <behavior name="SSLBehavior">

          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />

        </behavior>

      </serviceBehaviors>

    </behaviors>

  </system.serviceModel>

</configuration>


Client config file with Certificate Authentication via Code

<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="SecureBinding">
          <security mode="Transport">
            <transport clientCredentialType="Certificate">transport>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint
        address="SERVICE_URL"
        binding="basicHttpBinding"
        bindingConfiguration="SecureBinding"
        contract="YOUR_NAMESPACE.IYOUR_CLASS"
        name="SecureEndpoint">
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>


YOUR_NAMESPACE.YOUR_CLASS client = new YOUR_NAMESPACE.YOUR_CLASS();
client.ClientCredentials.ClientCertificate.SetCertificate(
    StoreLocation.LocalMachine,

//    StoreLocation.CurrentUser,
    StoreName.My,
    X509FindType.FindBySubjectName,
    "CERTIFICATE_NAME");
string result = client.YOUR_SERVICE_METHOD();


Client config file with Certificate Authentication via config

Untitled Page

<?xml version="1.0"?>

<configuration>

  <system.serviceModel>

    <bindings>

      <basicHttpBinding>

        <binding name="SecureBinding">

          <security mode="Transport">

            <transport clientCredentialType="Certificate"></transport>

          </security>

        </binding>

      </basicHttpBinding>

    </bindings>

    <client>

      <endpoint

        address="SERVICE_URL"

        binding="basicHttpBinding"

        bindingConfiguration="SecureBinding"

        contract="YOUR_NAMESPACE.IYOUR_CLASS"

        name="SecureEndpoint"

        behaviorConfiguration="SSLBehavior">

      </endpoint>

    </client>

    <behaviors>

      <endpointBehaviors>

        <behavior name="SSLBehavior">

          <clientCredentials>

            <clientCertificate

              storeName="My"

              storeLocation="LocalMachine"

              x509FindType="FindBySubjectName"

              findValue="CERTIFICATE_NAME" />

          </clientCredentials>

        </behavior>

      </endpointBehaviors>

    </behaviors>

  </system.serviceModel>

</configuration>

 

Another place for the endpoing behavior is to have this setting: Location="CurrentUser"


Salesforce client setup

Picture
Go to Setup -> Administration Setup -> Certificate and Key Management

Picture
Create Self-Signed Certificate or CA-Signed Certificate. This is using the Self-Signed Screen.

Picture
Once the Certificate has been created, you can download the CERTIFICATE.cer file.