Failed Signature check is often seen to be caused by out-dated root certificates. Please take a look at this document that outlines the issue, and how to update your root certificates. These may need to be updated on both the console, and target machine(s).
This worked for me. I downloaded the "rootsupd.exe" file as the article mentioned, ran it on my Protect server, then from the console attempted the download again, all files worked perfectly this time.
Will I need to mess with this on all member computers or would fixing this on the console be good enough?
Root certificates are updated per machine. Your issue was downloading the patches which indicates the root certificates on the Console machine itself needed updated, but if you got this same error message when deploying patches to a target machine, you would need to update the root certificates on the target machines as well.