vSphere encrypts session information using standard digital certificates. Using the default certificates that vSphere creates might not comply with the security policy of your organization. If you require a certificate
from a trusted certificate authority, you can replace the default certificate.Certificate checking is enabled by default and SSL certificates are used to encrypt network traffic. However, ESXi and vCenter Server use automatically generated certificates that are created as part of the installation process and stored on the server system. These certificates are unique and make it possible to begin using the server, but they are not verifiable and are not signed by a trusted, well-known certificate authority (CA).
These default certificates are vulnerable to possible man-in-the-middle attacks. To receive the full benefit of certificate checking, especially if you intend to use encrypted remote connections externally, install new certificates that are signed by a valid internal certificate authority or public key infrastructure (PKI) service. Alternatively, purchase a certificate from a trusted commercial security authority. For information about encryption and securing your vSphere environment, see the vSphere Security documentation.
