Secure LDAP auth on windows machine inside domain
From | Rocco Kreutz |
---|---|
Subject | Secure LDAP auth on windows machine inside domain |
Date | |
Msg-id | 09ba8d97-6d81-2be9-0ada-7036c7d490df@prodat-sql.de |
Replies | Re: Secure LDAP auth on windows machine inside domain |
List | pgsql-admin |
I'm looking for some help with setting up LDAP auth. The scenario is:

- A computer in a Windows domain runs PostgreSQL
- The AD-DC is using a self-signed certificate
- That cert is already imported to the trusted root cert store on that computer
- LDAP auth without encryption works fine:

      ldap ldapserver=???.???.???.de ldaptls=0 ldapbasedn="CN=Users,DC=???,DC=???,DC=???" ldapbinddn="CN=prodatbind,CN=Users,DC=???,DC=???,DC=???" ldapbindpasswd="???" ldapsearchattribute="sAMAccountName"

- I'm trying to log on as prodatadmin (the prodatbind account is just for the LDAP bind)
- Now either TLS or LDAPS needs to be activated

If I change to tls=1, I get the error message:

    2021-05-21 13:38:35.639 CEST [968] LOG: could not start LDAP TLS session: Lokaler Fehler
    2021-05-21 13:38:35.639 CEST [968] DETAIL: LDAP diagnostics: Lokaler Fehler
    2021-05-21 13:38:35.640 CEST [968] FATAL: LDAP authentication failed for user "prodatadmin"

Lokaler Fehler -> local error

If I change to ldaps, I get the error message:

    2021-05-21 13:41:34.759 CEST [13412] LOG: could not perform initial LDAP bind for ldapbinddn "CN=prodatbind,CN=Users,DC=???,DC=???,DC=???" on server "???.???.???.???": Server heruntergefahren
    2021-05-21 13:41:34.759 CEST [13412] DETAIL: LDAP diagnostics: Server heruntergefahren
    2021-05-21 13:41:34.760 CEST [13412] FATAL: LDAP authentication failed for user "prodatadmin"

Server heruntergefahren -> Server is down

With ldapadmin (ldapadmin.org) I can connect with SSL or TLS. I just get a warning about the certificate.

So what do I need to do to get PostgreSQL LDAP to accept that certificate?

Thx