You might want to check for few things.
1) Set negotiateServiceCredential="false"
<wsHttpBinding>
<binding name="wsHttpSecure">
<security mode="Message">
<message clientCredentialType="UserName" negotiateServiceCredential="false"
establishSecurityContext="false" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
2) Also make sure in SOAP UI you check mark "Add default WSA To"
Check this link http://ddkonline.blogspot.com.br/2012/10/wcf-45-host-unreachable-when-calling.html
3) For passing client certificate check following link
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
I hope that helps.