When given a private key and a signed SSL certificate, to validate whether the private key matches that of the certificate:

# openssl x509 -modulus -noout -in server.crt
Modulus=BEF773CAF4790...

# openssl rsa -modulus -noout -in server.key
Modulus=BEF773CAF4790...

If the two modulus matches, the private key is for the certificate.

See Also[edit]