I have a REST service that I would like to require client certificates. The system.serviceModel looks as follows:

  <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
    <standardEndpoints>
      <webHttpEndpoint>
        <!-- 
            Configure the WCF REST service base address via the global.asax.cs file and the default endpoint 
            via the attributes on the <standardEndpoint> element below
        -->
        <standardEndpoint name="TestService" helpEnabled="true" automaticFormatSelectionEnabled="true"/>
      </webHttpEndpoint>
    </standardEndpoints>
  </system.serviceModel>

I tried modifying the standardEndpoint to be:

<standardEndpoint name="TestService" helpEnabled="true" automaticFormatSelectionEnabled="true">
  <security mode="Transport">
    <transport clientCredentialType="Certificate" />
  </security>
</standardEndpoint>

But that did not help. What am I missing to enable client certificates?

Standard bindings don't support that syntax. You have to define it on the webHttpBinding under bindings and give it no name. That way it applies to all webHttoBinding(s).

<system.serviceModel>
        <bindings>
            <webHttpBinding>
                <binding>
                    <security mode="Transport">
                        <transport clientCredentialType="Certificate" />
                    </security>
                </binding>
            </webHttpBinding>
        </bindings>
        <standardEndpoints>
            <webHttpEndpoint>
                <standardEndpoint name="TestService" helpEnabled="true" automaticFormatSelectionEnabled="true"/>
            </webHttpEndpoint>
        </standardEndpoints>
    </system.serviceModel>

got a DNS tab in the config? something like

<dns value="localhost" /> 

hope this hepls