In order to check if crt and private key match or not, run these commands
1. First command for getting the decryption of the server certificate
openssl x509 -noout -modulus -in /etc/certificate.crt | openssl md5
2. Second command for the (RSA) private key got from csr
openssl rsa -noout -modulus -in /etc/private.key | openssl md5
if both values match, that means the private key is the right key for the certificate.