With reference to https://ggus.eu/index.php?mode=ticket_info&ticket_id=160759, "the discrepancy in the Root CA should NOT have caused an issue unless some old s/w was being used [...]
My guess it is an issue in some non-openssl code, maybe Bouncy Castle if it is Java."