Content-centric networking (CCN) is a network architecture for transferring named data from producers to consumers upon request. This shifts security from that of a connection or channel to the content itself. There remains, however, many critical uses for the traditional client-server communication model with secure sessions. For instance, in many CCN applications, producers need a way to transfer key material or secret information to consumers. Not only does caching this content fail to serve multiple consumers, encrypting it under long-term, static keys does not afford them any forward secrecy. Consequently, there is a real and present need for a CCN-friendly protocol whose security properties meet or exceed similar transport security protocols in IP networks. In this paper, we present the design and implementation of the CCNx Key Exchange Protocol -- CCNxKE -- the first protocol design for bootstrapping encrypted service-centric sessions in CCN. We compare our design to that of existing IP-based transport security protocols to highlight important differences, discuss several important use cases for CCNxKE and secure sessions in CCN, and present a preliminary performance assessment. Our experiments indicate that session encryption adds, on average, a 30% data transfer latency compared to unencrypted traffic using our prototype implementation.