Windows Server Validate certificate chain with powershell


New Member
I'm trying to write a script which validates certificate chain in PowerShell (that all certificates in the chain are not expired) and finds the certificate which is closest to expiration. I'm using following script to find issuer certificate:

Get-ChildItem -Recurse -Path Cert: | Where-Object { $_.Subject -eq $Certificate.Issuer }

For some reasons for some certificates I get more then one certificate with different Thumbprints, which have the same issuer name and I expected that should be only one.

Is there any other property of the certificate which uniquely identifies the issuer certificate? Maybe there is some other approach to validate certificate chain?