Obviously I did a mistake performing these steps manual. Together with
the fact that certutil also returns "archived" certificates (which I could
not see via the Windows UI) and a bug in handling the "Not After:" property
returned by certutil, this caused the problem that we extracted a wrong
certificate. The wrong certificate indeed expired one day ago.
So there was no problem with nodejs or the certificate itself, I just
extracted the wrong certificate with certutil.