The installation of the on-premises server fails due to invalid digital signature
The on-premises server is missing the Digicert Root CA certificate or if you do not have Internet access, or have a restrictive firewall or proxy, setup may be failing to verify the signature because it cannot access the online certificate revocation list (CRL).
In order to resolve the missing certificate issue, please open the certificates manager (you can launch it from Run -> certmgr.msc).
Import the Digicert root ca certificate, it is attached to this article, in case you need it (DigiCertRootCA.cer).
For more information about a second workaround, checking the CRL settings, please review this blog article