How to: Obtain a Certificate (WCF)
To use any of the Windows Communication Foundation (WCF) features of that use X.509 certificates, you just first obtain certificates.
Choose one of the following:
Purchase a certificate from a certification authority, such as VeriSign, Inc.
Set up your own certificate service and have a certification authority sign the certificates. Windows Server 2003, Windows 2000 Server, Windows 2000 Server Datacenter, and Windows 2000 Datacenter Server all include certificate services that support public key infrastructure (PKI). In Windows Server 2008, use the Active Directory Certificate Services role to manage a certification authority.
Set up your own certificate service and do not have the certificates signed.
Whichever approach you take, the recipient of the SOAP request that contains the X.509 certificate must trust the X.509 certificate. This means that the X.509 certificate or an issuer in the certificate chain is in the Trusted People certificate store and that the X.509 certificate is not in the Untrusted Certificates store.