Security for vCenter Server is really important. However, it is an organization's security policy and architecture decision, whether to use certificates or not.

If your organization's policy requires a certificate then you must use one. Also, if there is a potential possibility of man-in-the-middle attacks when using management interfaces, such as vSphere Client, then using certificates is a must.

VMware products use standard X.509 Version 3 certificates to encrypt session information sent over Secure Socket Layer (SSL) protocol connections between components. However, by default, vSphere includes self-signed certificates. It is an organization's policy which will decide whether ...