Alright it turned out that the certificates, that I am providing are probably missing some stuff.
A kibana certificate created with elasticsearch-certutil looks like this:
Bag Attributes
friendlyName: kibana-01
localKeyID: 54 69 6D 65 20 31 36 37 34 31 33 36 31 33 35 31 30 34
subject=CN = KIBANA-01
issuer=CN = Elastic Certificate Tool Autogenerated CA
-----BEGIN CERTIFICATE-----
MIIDY.........redacted........A5q5WgCp
-----END CERTIFICATE-----
Bag Attributes
friendlyName: ca
2.16.840.1.113894.746875.1.1: <Unsupported tag 6>
subject=CN = Elastic Certificate Tool Autogenerated CA
issuer=CN = Elastic Certificate Tool Autogenerated CA
-----BEGIN CERTIFICATE-----
MIIDS...............redacted..............1aF0=
-----END CERTIFICATE-----
The difference to my own certificates is the "Bag Attributes" and that the ca certificate is also appended to the kibana certificate. The kibana-cert.pem that I generated with my own CA ist simply the public certificate:
-----BEGIN CERTIFICATE-----
MIID......redacted.....WgCp
-----END CERTIFICATE-----
I don't have any more time to tinker with it but searching for bag attribute related issues I found this post, in which someone got it to work. Maybe this will help someone who stumbles across this thread.
Thank you all for your help 