OK, you're looking for client certificate authentication of your would-be clients, which always includes SSL.
I've got a couple links for you to check out:
http://msdn.microsoft.com/en-us/library/ms731074(v=vs.110).aspx is the official version from MS that has good information, but not necessarily good instructions on getting this working.
and
http://architecturebyashwani.blogspot.de/2010/01/wcf-client-authentication-using-x509.html ... this is a better source in my opinion because it will walk you through the process of setting it up the certificates (self signed) you'll need for testing.
As far as controlling the issuance and certificates to client computers, that can be easy or difficult depending on how many client devices are involved and where they're located.
If you're talking about an internal implementation for server-to-server communication within a network, or perhaps a few PCs connecting to the host, that's not too difficult. In a nutshell, you copy a .PFX file (cert and private key) to the clients and host and set them up in the cert store (Like LocalComputer\Trusted, for instance). Then you set up the client and host WCF software to a) access the certificates and b) make get the host to deny access to non-authenticated users.
However, if you're talking about issuing and managing certificates for a thousand people walking around with iPhones, Androids and Laptops, that's a much more difficult proposition to control.
Here's a link, though, on setting up an internal certificate authority: http://technet.microsoft.com/en-us/library/ff849263(v=ws.10).aspx
Added: This DOS scripting will create client auth certs, package them as a PFX and install them into a certificate store on the host.
On the host side you do this:
rem Comment -- creates client authentication cert, puts it in the currentuser\root authority and signs it based on the other certificate
makecert.exe -n cn=ClientAuthCert ClientAuthCert.cer -is root -sky exchange -pe -sv ClientAuthCert.pvk -eku 1.3.6.1.5.5.7.3.2
rem Comment -- make the pfx file that will allow you to copy certs around with private keys
pvk2pfx -pvk ClientAuthCert.pvk -spc ClientAuthCert.cer -pfx ClientAuthCert.pfx -f
rem Comment -- installs the certificate on the host in the localmachine / trusted people store
certmgr.exe -add ClientAuthCert.cer -c -s -r LocalMachine TrustedPeople
On the client side, you do this (after copying the .CER and .PFX files over to the client machine):
rem comment -- these lines install the certificates in the stores on the client device
certmgr.exe -add ClientAuthCert.cer -c -s -r LocalMachine TrustedPeople
Certmgr.exe -add ClientAuthCert.pfx -c -s -r CurrentUser My