The installation of the on-premises server fails due to invalid digital signature (cab1.cab)
The on-premises server is missing the Digicert Root CA certificate or if you do not have Internet access, or have a restrictive firewall or proxy, setup may be failing to verify the signature because it cannot access the online certificate revocation list (CRL).
As you can see below screenshot shows our installer is signed and our certificate is signed by Digicert. If you do not have the root certificate you will notice red x.
In order to resolve the missing certificate issue, please open the certificates manager (you can launch it from Run -> certmgr.msc).
Import the Digicert root ca certificate, it is attached to this article, in case you need it (DigiCert.pfx), password: Qa123456.
For more information about a second workaround, checking the CRL settings, please review this blog article