If you need to streamline certificate distribution to your clients for message encryption, consider using negotiate credentials option
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
If you need to streamline certificate distribution to your clients for message encryption, consider enabling negotiateServiceCredential. This option is only available with wsHttpbinding. Keep in mind that if you set enable this options, non-Microsoft clients
will not be able to consume your service. Consider also that there is a performance penalty of negotiating credentials, due to messages exchange.
The following binding configuration shows how to set this option:
<message clientCredentialType="Windows" negotiateServiceCredential="true" />