When attempting to access the Harbor URL in the browser, it shows that the certificate is Not secure.

First, you will need to validate that the certificate has not expired. Go to Ops Manager -> Harbor tile -> Certificate, and save the certificate to a file (harbor.crt).

Then decode this like so:

chmod 600 harbor.crt

openssl x509 -in harbor.crt -text -noout

If the certificate has expired, you will need to rotate it as per the documentation:

https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-operations-manager/3-0/tanzu-ops-manager/security-pcf-infrastructure-rotate-configurable-certs.html

If the certificate is not expired and looks valid, we will need to validate where the browser error is coming from. If you run (replacing ip with your Harbor VM IP):

openssl s_client -showcerts -connect <ip>:443 -servername <harbor-endpoint>

This should return the same certificate details as Ops Manager -> Harbor tile -> Certificate, as we are connecting directly to Harbor.

However, if you then run:

openssl s_client -showcerts -connect <harbor-endpoint>:443

This will return the same cerificate as used in the browser connection.

If these two commands return different outputs, it means that there is something in the connection between the browser and the Harbor VM. Likely a Load Balancer. This is what is returning the insecure cert info, and should be investigated.