I had to do a lot of reading between multiple articles to get the details I was looking for from my original post. The information that helped things to clear up a bit for me was the following:

Each protocol (TCP, HTTP, MSMQ, NamedPipes) has its own mechanism for passing credentials and handling message protection.

Above is from the WCFSecurityGuide

Coming from a primarily web background I have a pretty good understanding of HTTP and securing it with a SSL cert. However this exact procedure is not required in a Windows environment for net.tcp which uses its own method in Windows to secure the transport layer.

So when it gets down to it, here are the (2) explinations in regards to securing a HTTP binding and net.tcp in a Windows environment that I wanted to understand:

For net.tcp: The service and clients are authenticated using Windows authentication, and the messages are secured at the transport level by Windows security

For a HTTP binding (i.e. wsHttpBinding): When using HTTP bindings, the transport security is provided by SSL. The SSL certificate is used to provide the message protection.

So I will not need a SSL cert for the net.tcp binding as that is handled by Windows Security and is inheriently secure when using Transport security. When using a wsHttpBinding I will still need to secure the Transport with a SSL certificate which I had done as mentioned previously, and exposed the binding via HTTPS.

If any future readers have similar questions the WCF guide link I posted and the link below are a good place to start:

Common WCF Security Scenarios:
http://msdn.microsoft.com/en-us/library/ms730301.aspx