In harbor.cfg, make sure the attribute ui_url_protocol is set to https, and the attributes ssl_cert and ssl_cert_key are pointed to valid certificates. For more information about generating https certificate please refer to: Configuring HTTPS for Harbor
Suppose the Harbor instance is hosted on a machine 192.168.0.5
If you are using a self-signed cetificate, make sure to copy the CA root cert to /etc/docker/certs.d/192.168.0.5/ and ~/.docker/tls/192.168.0.5:4443/
It can be done via setting envrironment variables:
export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=https://192.168.0.5:4443
Because by default the local directory for storing meta files for notary client is different from docker client. If you want to use notary client to manipulate the keys/meta files generated by Docker Content Trust, please set the alias to reduce the effort:
alias notary="notary -s https://192.168.0.5:4443 -d ~/.docker/trust --tlscacert /etc/docker/certs.d/192.168.0.5/ca.crt"