Distributing x.509 is always a painful thing, and using WCF, it no long is.
In the WCF configuration, there is a knob in the configuration which helps the client to get the public key portion of the certificate in an "SSL" fashion.
<bindings> <wsHttpBinding> <!-- This configuration defines the security mode as Message and the clientCredentialType as Username. --> <binding name="Binding1"> <security mode="Message"> <message clientCredentialType="UserName" negotiateServiceCredential="true"/> </security> </binding> </wsHttpBinding> </bindings>
It could apply to other bindings as well. This is username(client) over certificate(server) scenario.
This feature will make x509 certificate more popular with web service!