In order to configure your service for 2 way SSL below are the steps:

1. Create a website which has the https binding mapped on it.
2. When the https binding is mapped to the website it asks for a server SSL certificate that it would use to secure your transport channel.
3. Create a virtual directory where you want your services to be deployed.
4. Now the WCF services being built need to have the configuration that specifies that the service uses https and clients are authenticated using certificates.
5. Set the option to “Accept” on your SSL Settings of your virtual directory which states that the client might pass a certificate. IF you set it to require then the client needs to pass a certificate.

NOTE: When using certificate you need to be sure on which certificate needs to be installed in which certificate store. You might have some exceptions with self signed certificates but they can be bypassed on client by using the code below:

ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, error) => true;

Some code on how to implement your custom certificate validator and use it:

public class CustomX509CertificateValidator : System.IdentityModel.Selectors.X509CertificateValidator
    {
        // This Validation function accepts any X.509 Certificate that is self-issued. As anyone can construct such
        // a certificate this custom validator is less secure than the default behavior provided by the
        // ChainTrust X509CertificateValidationMode. The security implications of this should be carefully 
        // considered before using this validation logic in production code. 
        public override void Validate(X509Certificate2 certificate)
        {
            // Check that we have been passed a certificate
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // Only accept self-issued certificates
            if (certificate.Subject != certificate.Issuer)
                throw new SecurityTokenException("Certificate is not self-issued");
        }
    }

Now in your WCF service config file to use the custom certificate validator is shown below:

<behaviors>
      <serviceBehaviors>
        <behavior name="CalculatorServiceBehavior">
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <serviceCredentials>
            <!-- 
            The serviceCredentials behavior allows one to specify authentication constraints on client certificates.
            -->
            <clientCertificate>
              <!-- 
              Setting the certificateValidationMode to Custom means that if the custom X509CertificateValidator
              does NOT throw an exception, then the provided certificate will be trusted without performing any
              validation beyond that performed by the custom validator. The security implications of this 
              setting should be carefully considered before using Custom in production code. 
              -->
              <authentication certificateValidationMode="Custom" customCertificateValidatorType="X509CertificateValidator.CustomX509CertificateValidator, service"/>
            </clientCertificate>
            <!-- 
            The serviceCredentials behavior allows one to define a service certificate.
            A service certificate is used by a client to authenticate the service and provide message protection.
            This configuration references the "localhost" certificate installed during the setup instructions.
            -->
            <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>