First off, happy new year.
I'm having a few issues with LDAPS on a Windows Server 2008 AD.
Details
Server - Windows Server 2008 R2
Roles - Active Directory, CA, DNS, File, IIS
SSL certificate - wildcard *.inbay.co.uk, created for IIS to be used with the Exchange server; purchased from GoDaddy.
We are connecting to the server via the URL ldap.inbay.com on port 636.
Port forwarding and firewalls are fine; double-checked it.
When I try to connect it says it cannot verify the issuer of the certificate, and it's serving the self-signed certificate for SSL LDAP connections.
I tested this with LDAP Admin.
I googled around and found a couple of articles; they didn't help much.
This is the output I get when I run the Certutil -VerifyStore MY command:
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.
PS C:\Users\Administrator> Certutil -VerifyStore MY
MY
================ Certificate 0 ================
Serial Number: 4b90e844870a99
Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O=GoDaddy.com, Inc., L=Scottsdale, S=Arizona, C=US
NotBefore: 12/03/2013 13:29
NotAfter: 25/03/2014 10:18
Subject: CN=*.inbay.co.uk, OU=Domain Control Validated
Non-root Certificate
Template:
Cert Hash(sha1): b2 d6 9e 83 3c 58 54 83 52 fb 1a 15 50 ca 8c e3 ff 73 15 08
Key Container = {71FC82A4-088D-4E7E-90F7-02518A4737D7}
Unique container name: 9897d36f7e68959f5c8e90d29eb57258_17f1a298-bcac-495b-8ef3-1cc37965ce9e
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed
Verified Issuance Policies:
2.16.840.1.114413.1.7.23.1
Verified Application Policies:
1.3.6.1.5.5.7.3.1 Server Authentication
1.3.6.1.5.5.7.3.2 Client Authentication
Certificate is valid
================ Certificate 1 ================
Serial Number: 3c56d548390980b8420af7c1965d2fd1
Issuer: CN=localhost
NotBefore: 06/08/2013 10:27
NotAfter: 06/08/2023 00:00
Subject: CN=localhost
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template:
Cert Hash(sha1): 53 80 b4 86 29 33 14 be 3b 6f 77 12 0e c1 3d 9e a3 71 ba 34
Key Container = IIS Express Development Certificate Container
Unique container name: fad662b360941f26a1193357aab3c12d_17f1a298-bcac-495b-8ef3-1cc37965ce9e
Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=20
Issuer: CN=localhost
NotBefore: 06/08/2013 10:27
NotAfter: 06/08/2023 00:00
Subject: CN=localhost
Serial: 3c56d548390980b8420af7c1965d2fd1
53 80 b4 86 29 33 14 be 3b 6f 77 12 0e c1 3d 9e a3 71 ba 34
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
Exclude leaf cert:
da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
Full chain:
53 80 b4 86 29 33 14 be 3b 6f 77 12 0e c1 3d 9e a3 71 ba 34
Issuer: CN=localhost
NotBefore: 06/08/2013 10:27
NotAfter: 06/08/2023 00:00
Subject: CN=localhost
Serial: 3c56d548390980b8420af7c1965d2fd1
53 80 b4 86 29 33 14 be 3b 6f 77 12 0e c1 3d 9e a3 71 ba 34
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487)
------------------------------------
Verifies against UNTRUSTED root
================ Certificate 2 ================
Serial Number: 4ada0ad8a1800a8c4eca7496f0a354af
Issuer: CN=inbay-INBAY-DC01-CA, DC=inbay, DC=local
NotBefore: 24/09/2013 14:51
NotAfter: 24/09/2018 15:01
Subject: CN=inbay-INBAY-DC01-CA, DC=inbay, DC=local
CA Version: V0.0
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template:
Cert Hash(sha1): 35 31 0a f7 22 ff 1e eb b9 e1 f7 46 07 b9 00 7e 26 72 11 26
Key Container = inbay-INBAY-DC01-CA
Unique container name: 3a799630eec48121d0d4d01abd8c671c_17f1a298-bcac-495b-8ef3-1cc37965ce9e
Provider = Microsoft Software Key Storage Provider
Signature test passed
Verified Issuance Policies: All
Verified Application Policies: All
Certificate is valid
================ Certificate 3 ================
Serial Number: 1f744eb2000000000002
Issuer: CN=inbay-INBAY-DC01-CA, DC=inbay, DC=local
NotBefore: 24/09/2013 17:26
NotAfter: 24/09/2014 17:26
Subject: CN=Inbay-DC01.inbay.local
Certificate Template Name (Certificate Type): DomainController
Non-root Certificate
Template: DomainController, Domain Controller
Cert Hash(sha1): 04 d9 93 c9 8e 30 bb 10 bd 5c ad 15 86 fd 93 58 ff 1f 52 a4
Key Container = 463be5b6728428cbeb4f0752659c5778_17f1a298-bcac-495b-8ef3-1cc37965ce9e
Simple container name: le-DomainController-160a2aad-80f6-409a-b56c-37730ce782ec
Provider = Microsoft RSA SChannel Cryptographic Provider
Private key is NOT exportable
Encryption test passed
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.5.5.7.3.2 Client Authentication
1.3.6.1.5.5.7.3.1 Server Authentication
Certificate is valid
CertUtil: -verifystore command completed successfully.
I'm worried about the following error we get; is it something I have to be worried about?
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487)
What I did
I added the SSL cert to the trusted root.
Added the cert to the default domain Group Policy > Computer Config > Security > Public Key Policies.
Thanks in advance for any assistance provided...
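The following PowerShell script is an added diagnostic for this kind of problem, not something from the original post or from Microsoft. It does two things the certutil listing above cannot: it completes a real TLS handshake against the LDAPS port and reports which certificate Schannel actually hands out (with the chain status as seen by the client), and it lists every certificate in LocalMachine\My that Schannel could pick, marking whether each has a private key, carries the Server Authentication EKU (1.3.6.1.5.5.7.3.1), and whether its subject CN or SAN covers a given host name under the usual one-label wildcard rule. The host name ldap.inbay.com, the port 636 and the DC name Inbay-DC01.inbay.local are taken from the post as placeholders; change them to match your environment. It assumes PowerShell 3.0 or later and network reachability to the LDAPS port.

```powershell
# Added LDAPS diagnostic (example code, not from the original post).
# Assumed values, taken from the post as placeholders:
$LdapHost = 'ldap.inbay.com'          # name the client connects to
$LdapPort = 636                       # LDAPS port
$DcFqdn   = 'Inbay-DC01.inbay.local'  # the DC's own FQDN

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port)
    # Complete a TLS handshake and return the leaf certificate the server sent.
    # The callback accepts anything on purpose: this is a diagnostic, and we want
    # to see the "wrong" certificate rather than have the client reject it.
    # Never reuse an accept-all callback in production code.
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $acceptAll = { param($sender, $cert, $chain, $errors) $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Close()
        return $leaf
    } finally {
        $client.Close()
    }
}

function Test-CertificateCoversName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$Name)
    # Collect the subject CN plus any SAN dNSName entries, then apply the one-label
    # wildcard rule: *.example.com covers host.example.com but not a.b.example.com.
    $target = $Name.ToLower()
    $names = @()
    if ($Cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Windows renders SAN entries as "DNS Name=host.example.com"
        $names += ([regex]::Matches($san.Format($true), 'DNS Name=([^\s,]+)') |
                   ForEach-Object { $_.Groups[1].Value })
    }
    foreach ($n in $names) {
        $n = $n.ToLower()
        if ($n -eq $target) { return $true }
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)                       # ".inbay.co.uk"
            if ($target.EndsWith($suffix) -and $target.Length -gt $suffix.Length) {
                $prefix = $target.Substring(0, $target.Length - $suffix.Length)
                if (-not $prefix.Contains('.')) { return $true }   # exactly one label
            }
        }
    }
    return $false
}

function Get-SchannelCandidate {
    param([string]$Fqdn)
    # Schannel only considers certificates in LocalMachine\My that have a usable
    # private key and the Server Authentication EKU; report both, plus name coverage.
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $eku = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        $serverAuth = $false
        if ($eku) {
            $serverAuth = ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }) -ne $null
        }
        New-Object PSObject -Property @{
            Thumbprint    = $_.Thumbprint
            Subject       = $_.Subject
            Issuer        = $_.Issuer
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
            ServerAuth    = $serverAuth
            CoversDcFqdn  = Test-CertificateCoversName -Cert $_ -Name $Fqdn
        }
    }
}

# 1. What the server actually presents on the LDAPS port
$presented = Get-PresentedCertificate -HostName $LdapHost -Port $LdapPort
"Presented by ${LdapHost}:${LdapPort}"
"  Subject    : $($presented.Subject)"
"  Issuer     : $($presented.Issuer)"
"  Thumbprint : $($presented.Thumbprint)"
"  Covers '$LdapHost': $(Test-CertificateCoversName -Cert $presented -Name $LdapHost)"
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$null = $chain.Build($presented)
if ($chain.ChainStatus.Count -eq 0) { "  Chain status: OK" }
else { "  Chain status: " + (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ') }

# 2. Everything in LocalMachine\My that Schannel could have chosen instead
"`nCandidates in LocalMachine\My (Presented = the one the server actually sent):"
Get-SchannelCandidate -Fqdn $DcFqdn |
    Select-Object @{n='Presented'; e={ $_.Thumbprint -eq $presented.Thumbprint }},
                  Thumbprint, Subject, HasPrivateKey, ServerAuth, CoversDcFqdn, NotAfter |
    Format-Table -AutoSize
```

Run it on the DC (or any host that can reach port 636) and compare the "Presented" thumbprint with the Cert Hash values in the certutil output. The chain status reported in step 1 is the client-side view, so CERT_TRUST_IS_UNTRUSTED_ROOT shows up as UntrustedRoot if the presented leaf chains to a root that machine does not trust. The script only reports which eligible certificate Schannel chose; it does not change the selection, and a client validating the connection will still expect the presented certificate's subject or SAN to cover the exact name it connected to, which is what the "Covers" line checks.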
User contributions licensed under CC BY-SA 3.0