When installing Active Roles, the following error is received
By default, some Windows Server installations do not recognize DigiCert as a valid certificate authority. In most cases, Windows Server will periodically download an updated certificate authority list from Microsoft.
Servers that do not have a live internet connection will not be able to download the updated certificate authority list, causing an invalid digital signature error.
To verify that this issue is present, check the following in the Active Roles setup file:
If The certificate in the signature cannot be verified message is observed, this indicates that Windows does not recognize DigiCert as an authorized Certificate Authority.
To resolve this issue, download the and install updated DigiCert root certificates to the Trusted Root Certification Authorities store on the affected host, or provide the host with a network connection and run Windows Updates.