It seems GlobalSign's R1 root certificate is not in the default trust CA in CentOS 7.3.
I check the list of Trusted CA's like this:
awk -v cmd='openssl x509 -noout -subject' '
/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt
Here is the list of GlobalSign's root certificates: https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-certificates
Is there a reason why the R1 is not in that list?