Solution :
I have encountered the same issue in the recent past even though my ca-certificates package is up-to-date. The mirror is currently signed by the DigiCert High Assurance EV Root CA which is also included in my ca-bundle as follows:
$ grep -A 3 "DigiCert High" /etc/ssl/certs/ca-bundle.crt
# DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
The reason behind my https connections failed was in my case the system date was set to the year 2002 in which the DigiCert High Assurance EV Root CA is not (yet) valid.
$ date
Di 1. Jan 11:10:35 CET 2002
So I just changed the system time and it fixed the issue for me.
If above approach is not working for you then you can try below alternative one:
yum install elfutils-default-yama-scope-0.168-8.el7.noarch --disablerepo=epel
yum install nss-pem -disablerepo=epel
yum reinstall ca-certificates --disablerepo=epel
yum clean all
rm -rf /var/cache/yum
yum update`