In order to check if crt and private key match or not, run these commands

1. First command for getting the decryption of the server certificate

openssl x509 -noout -modulus -in /etc/certificate.crt | openssl md5

2. Second command for the (RSA) private key got from csr

openssl rsa -noout -modulus -in /etc/private.key | openssl md5

if both values match, that means the private key is the right key for the certificate.