But trying to download anything with wget leads to:
WARNING: cannot verify ftp.drupal.org's certificate, issued by 'CN=GlobalSign Organization Validation CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE': Unable to locally verify the issuer's authority.
Unfortunately when, for reason or another, you are stuck with an older distribution that hasn't updated their CA certificates for a while you will hit the above when trying to download something with wget.
Annoying isn't it ?
And googling around about it leads to nothing. There is no Real(tm) upstream distribution of CAs and it is very poorly documented how you are supposed to do that manually, IMHO.
The problem is that you are missing "GlobalSign_Root_CA_-_R3.pem" and of course the relevant hash symlink to it "/etc/ssl/certs/062cdee6.0"
To fix the issues you can copy over the "GlobalSign_Root_CA_-_R3.pem" from a more up to date system (usually in /usr/share/ca-certificates or in /etc/ssl/certs) into /etc/ssl/certs/ and then run c_rehash and the you should have:
root@xxxxx:/etc/ssl/certs # ls -l /etc/ssl/certs/062cdee6.0 lrwxrwxrwx 1 root root 27 Jan 20 13:14 /etc/ssl/certs/062cdee6.0 -> GlobalSign_Root_CA_-_R3.pem
Now it should work!