Security for vCenter Server is really important. However, it is an organization's security policy and architecture decision, whether to use certificates or not.
If your organization's policy requires a certificate then you must use one. Also, if there is a potential possibility of man-in-the-middle attacks when using management interfaces, such as vSphere Client, then using certificates is a must.
VMware products use standard X.509 Version 3 certificates to encrypt session information sent over Secure Socket Layer (SSL) protocol connections between components. However, by default, vSphere includes self-signed certificates. It is an organization's policy which will decide whether to use self-signed certificates or the internally-signed or externally-signed certificates. You need to purchase externally signed certificates, but that is not the case if you use internally signed certificates or self-signed.
You need to keep a backup...