Hi Ringo,
The following steps might help, please try this.
1. In the service definition, while creating the binding Provider Security->Transport Channel Authentication->Select X.509 SSL Client Certificate
2. I doubt it will allow you to change the existing Logical port to the Consumer proxy. But it allows you to create a new logical port. While creating the new Logical port in the Consumer Security tab, it will ask for SSL Client PSE of transaction STRUST, here you can select ANONYM.
Please let me know if it works.
Thanks
Naveen