I'm trying to download the Windows Java EE installer from Oracle's website but I continually receive "The digital signature of the object did not verify" error messages when I check the digital signature of the downloaded file.
I've tried the following searches on this site (and similar searches on Google with no success):
- java ee +"digital signature" +"did not verify"
  - 1 unrelated result
- java ee +"digital signature" +invalid
  - 2 unrelated results
I've downloaded the files on 3 separate machines, where each is running a different version of Windows (WinXP 32-bit, WinVista 32-bit & Win7 64-bit) and I get the same result. The machine running WinXP is my laptop, which I have tried on 2 completely different networks to download the files without success.
The files I have downloaded are (along with the certificate's serial number and thumbprint and whether the signature was valid):
- java_ee_sdk-6u3-jdk7-windows.exe
  - Signature does not verify
  - Serial Number: 5e f1 dc 1e fb 1e 46 b5 de 80 ed e1 76 2a 55 a7
  - Thumbprint: 9e 2b 73 43 3c 7f f0 be 9c 2e 54 6c 46 a3 d1 6a 6c da cf 32
- java_ee_sdk-6u3-windows.exe
  - Signature does not verify
  - Serial Number: 5e f1 dc 1e fb 1e 46 b5 de 80 ed e1 76 2a 55 a7
  - Thumbprint: 9e 2b 73 43 3c 7f f0 be 9c 2e 54 6c 46 a3 d1 6a 6c da cf 32
- jdk-7-windows-i586.exe
  - Signature verifies
  - Serial Number: 5e f1 dc 1e fb 1e 46 b5 de 80 ed e1 76 2a 55 a7
  - Thumbprint: 9e 2b 73 43 3c 7f f0 be 9c 2e 54 6c 46 a3 d1 6a 6c da cf 32
- jdk-7-windows-x64.exe
  - Signature verifies
  - Serial Number: 5e f1 dc 1e fb 1e 46 b5 de 80 ed e1 76 2a 55 a7
  - Thumbprint: 9e 2b 73 43 3c 7f f0 be 9c 2e 54 6c 46 a3 d1 6a 6c da cf 32
I downloaded the JDK 7 installers as a comparison and their signatures verify. As you can see by the serial numbers and thumbprints above, all the files are signed with the same certificate. However, the Java EE installers fail signature verification.
The fact that I can download both the JDK 7 installer and the Java EE installer on the same machine, on the same network, with both files being signed by the same certificate, and have different signature verification results would seem to imply that the Java EE installer was corrupted between being signed by Oracle and being received by me.
This seems to rule out a certificate problem on my machines (since I can verify the JDK 7 file - which is signed by the same certificate) and point to either a man-in-the-middle attack, or a corrupted file on the server. However, if Oracle were pushing out a corrupted file, I'm sure I would have found mention of it - since this problem has been occurring for the past couple of weeks.
The likelihood of a man-in-the-middle attack would appear to be reduced by the fact that the issue occurs when using different networks.
I've tried everything that I can think of and have come up empty.
Is anyone aware of others having this issue and more importantly, does anyone have any suggestions as to what may be causing this?
Something to consider...
This isn't specific to the Java issue, but we see the same error when verifying signatures on an .msi we install. I ran 'signtool verify /v ' and discovered that one of the certs in the trust chain wasn't trusted on my system. Explorer's File -> Properties UI doesn't expose this issue, but signtool did.
Now I need to download and install some CA certs into our trust list to clear the issue.
I found this question in a search prompted by the same problem after downloading java_ee_sdk-6u4-jdk7-windows-ml.exe; it looks like the countersigner certificate is expired. In Windows Explorer:
That was obviously not the specific problem for SlaY3R in September 2011, but it may have been a different expired cert in the cert path.
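Both answers above come down to the same diagnostic step: look at the whole certificate chain (signer and countersigner) rather than the summary Explorer shows. The script below is an added example, not code from either answer or from Oracle; it assumes Windows PowerShell 3.0 or later and uses a placeholder file path. Its output distinguishes a HashMismatch (the file bytes no longer match what was signed, i.e. corruption or tampering as the question suspects) from a chain problem such as an untrusted root or an expired timestamp certificate.

```powershell
# Added example: explain an Authenticode failure by reporting the signature
# status and the per-certificate status of the signer and countersigner chains.
# Assumes Windows PowerShell 3.0+; the default path is a placeholder.
param([string]$Path = 'C:\temp\installer-to-check.exe')  # placeholder path

function Get-ChainReport {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Role
    )
    if (-not $Cert) { return "$Role certificate: none present" }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online revocation checking; switch to NoCheck only on an isolated host.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $builds = $chain.Build($Cert)   # $false when any element fails policy

    $lines = @(
        "$Role certificate: $($Cert.Subject)",
        "  Serial: $($Cert.SerialNumber)  Thumbprint: $($Cert.Thumbprint)",
        "  NotAfter: $($Cert.NotAfter)  Chain builds: $builds"
    )
    # One line per chain element, leaf first, with its own status flags.
    foreach ($el in $chain.ChainElements) {
        $status = if ($el.ChainElementStatus.Count -eq 0) { 'OK' } else {
            ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        }
        $lines += "  -> $($el.Certificate.Subject) [$status]"
    }
    # Overall chain problems, e.g. UntrustedRoot, NotTimeValid, RevocationStatusUnknown.
    foreach ($s in $chain.ChainStatus) {
        $lines += "  ! $($s.Status): $($s.StatusInformation.Trim())"
    }
    return $lines
}

$sig = Get-AuthenticodeSignature -FilePath $Path
# HashMismatch = content changed after signing; NotTrusted/UnknownError = chain issue.
"Signature status: $($sig.Status) - $($sig.StatusMessage)"
Get-ChainReport -Cert $sig.SignerCertificate      -Role 'Signer'
Get-ChainReport -Cert $sig.TimeStamperCertificate -Role 'Countersigner (timestamp)'
```

Run it as `.\Check-Signature.ps1 -Path <file>` and compare with `signtool verify /v /pa <file>`, which applies the same Authenticode policy and prints the same chain.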