Replace vCenter Server Certificate
vCenter server uses an automatically generated self-signed certificate after the installation. As with ESXi Server, this may not be desirable in some environment and requires use of a CA signed certificate.
As you may be aware when you access vCenter for the first time using vSphere Client or vSphere Web Client, you will receive a certificate warning message as the certificate vCenter uses is not signed by a known CA.
Replace ESXi Certificate
The ESXi host uses automatically generated certificates that are created as part of the installation process. These certificates are unique and make it possible to begin using the server, but they are not verifiable and they are not signed by a trusted, well-known certificate authority (CA).
Using default certificates might not comply with the security policy of your organization. If you require a certificate from a trusted certificate authority, you can replace the default certificate.