vSphere protects management sessions with TLS, using standard X.509 digital certificates to authenticate the endpoints of those sessions and to set up the encrypted connection. Using the default certificates that vSphere creates might not comply with the security policy of your organization. If you require a certificate
from a trusted certificate authority, you can replace the default certificate.
Certificate checking is enabled by default, and TLS (SSL) certificates are used to establish the encrypted connections that protect network traffic. However,
ESXi and vCenter Server use automatically generated certificates that are created as part of the installation
process and stored on the server system. These certificates are unique to each system and make it possible to begin using the
server immediately, but they are not verifiable: they are not signed by a trusted, well-known certificate authority (CA), so a connecting client has no trust anchor against which to check them and can only accept them on faith or pin their thumbprints. Because an attacker who intercepts the connection can present a different unverifiable certificate that the client cannot distinguish from the legitimate one, the
default certificates leave connections vulnerable to man-in-the-middle attacks.
To receive the full benefit of certificate checking, especially if you intend to use encrypted remote connections
from outside your network, install new certificates that are signed by a valid internal certificate authority or public key
infrastructure (PKI) service. Alternatively, purchase a certificate from a trusted commercial certificate authority. Certificate checking only helps when the issuing CA's certificate is present in the trust store of every client that connects; a certificate signed by a CA that clients do not trust is no more verifiable than the default one.
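The checks below are an added example and not part of the vSphere documentation. They model the two situations the text describes with throwaway certificates: a self-signed leaf standing in for an unverifiable default certificate, and a leaf issued by a small internal CA standing in for the replacement. The functions then apply the checks a client performs (does the certificate chain to a trust anchor, and does it chain to the system's default store) using only the openssl command-line tool. The CA name lab-ca, the host name esxi01.lab.example and the helper names are constructed for this example; fetch_cert needs network access to a real host and is not used by the offline demonstration.

```shell
#!/bin/sh
# Added example, not vSphere's own tooling. Requires the openssl CLI.
# All names (lab-ca, esxi01.lab.example) are constructed for the example.
set -eu

# Create the lab certificates in directory $1.
make_lab_certs() {
  dir=$1
  # Self-signed leaf: subject and issuer are the same name, and no trust
  # anchor a client already holds can vouch for it (the default-cert case).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=esxi01.lab.example" \
    -keyout "$dir/selfsigned.key" -out "$dir/selfsigned.pem" >/dev/null 2>&1
  # Internal CA (a self-signed root) plus a server certificate it issues
  # (the replacement-cert case).
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=lab-ca" -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=esxi01.lab.example" \
    -keyout "$dir/server.key" -out "$dir/server.csr" >/dev/null 2>&1
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 365 -out "$dir/server.pem" >/dev/null 2>&1
}

# Print the leaf certificate a live host presents on its TLS port
# ($1 = host, $2 = port, default 443). Needs network access.
fetch_cert() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM
}

# Succeeds when subject and issuer match, the first sign of a self-signed
# certificate (openssl verify below is the authoritative check).
is_self_signed() {
  subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
  iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
  [ "$subj" = "$iss" ]
}

# Succeeds when certificate $2 chains to the trust anchor in file $1.
verify_chain() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Succeeds when certificate $1 chains to the system's default trust store,
# which is what a client doing proper certificate checking relies on.
verify_default_store() {
  openssl verify "$1" 2>/dev/null | grep -q ': OK$'
}

# Stand-alone demonstration: report each lab certificate's status.
main() {
  work=$(mktemp -d)
  make_lab_certs "$work"
  for cert in selfsigned.pem server.pem; do
    if is_self_signed "$work/$cert"; then ss=yes; else ss=no; fi
    if verify_chain "$work/ca.pem" "$work/$cert"; then chain=yes; else chain=no; fi
    if verify_default_store "$work/$cert"; then sys=yes; else sys=no; fi
    echo "$cert: self-signed=$ss chains-to-lab-ca=$chain trusted-by-system=$sys"
  done
  rm -rf "$work"
}
main
```

Against a real host, `fetch_cert vcenter.example.com > host.pem` followed by `verify_chain internal-ca.pem host.pem` (or `verify_default_store host.pem`) tells you whether the certificate presented on the wire is one your clients can actually verify. Note that neither lab certificate verifies against the system store: the CA-signed one only becomes verifiable once lab-ca's certificate is distributed to the clients, which is the step that is easy to forget after replacing the server certificate.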
For information about encryption and securing your vSphere environment, see the vSphere Security
documentation.