Craftsman at Work

I'm Artur Karbone, coding software architect and independent IT consultant and this is my blog about craftsmanship, architecture, distributed systems, management and much more.

Calling a web service by using a client certificate in IIS

To call a web service by using a client certificate, you need two things:

  • Install a certificate
  • Configure a behavior for your endpoint (I prefer finding a certificate by its thumbprint). Here is an example:
    <behavior name="YourBehavior">
      <clientCredentials>
        <clientCertificate findValue="123491ed3d60220df994c777746f8dcec02c2e07" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="My" />
      </clientCredentials>
    </behavior>

It works like a charm in IIS Express. However, when you switch to standard IIS (QA/Prod environments, for instance), there is a chance that you will keep getting the following error when calling the web service: "The request was aborted: Could not create SSL/TLS secure channel."

It turned out that you need to manage the access permissions on the certificate's private key to get it working. Here are the steps:

  • Import the certificate into the "Local Computer" store
  • Right-click your certificate -> All Tasks -> Manage Private Keys
  • Add appropriate permissions for your account (the application pool account)

If the website is running under ApplicationPoolIdentity, change the permissions for "IIS AppPool\{AppPoolName}", where {AppPoolName} is the name of your application pool.
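The same "Manage Private Keys" step can be scripted for repeatable QA/Prod deployments. The following is an added example, not code from the original post: it grants the application pool identity Read access (not Full Control) to the private key file of the certificate referenced in the behavior above. It assumes an RSA key, an elevated PowerShell session on the IIS server, and a hypothetical application pool named YourAppPool.

```powershell
# Added example: scripted equivalent of All Tasks -> Manage Private Keys.
# Run from an elevated PowerShell session on the IIS server.
$thumbprint = '123491ed3d60220df994c777746f8dcec02c2e07'  # findValue from the behavior above
$account    = 'IIS AppPool\YourAppPool'                   # assumed application pool name

$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key in LocalMachine\My."
}

# Resolve the key file name. CNG keys and legacy CSP keys live in different folders.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) {
    throw "Certificate $thumbprint does not have an RSA private key."
}
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw "Unsupported private key type: $($rsa.GetType().FullName)"
}

$keyFile = 'Microsoft\Crypto\Keys', 'Microsoft\Crypto\RSA\MachineKeys' |
    ForEach-Object { Join-Path $env:ProgramData (Join-Path $_ $keyName) } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) {
    throw "Private key file for certificate $thumbprint was not found."
}

# Grant Read only: the pool has to use the key, not modify or re-permission it.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Print the resulting entry so the change can be verified (and audited later).
(Get-Acl -LiteralPath $keyFile).Access |
    Where-Object { $_.IdentityReference.Value -eq $account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```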

For more details check out this post
