How do you verify SSL Certificate and Private Key matches?

Today I was working on installing a certificate on a client’s nginx server.  They already had an SSL certificate for the last couple of years to their previous tech left a mess of files and I needed to determine what files were meant to go together.

So to verify an RSA private key matches the public key in a certificate you need to verify the consistency of the private key and compare the modulus against each of the files.

Example:

[root@localhost certs]# openssl rsa -modulus -noout -in www.example.com.key | openssl md5
Enter pass phrase for www.example.com.key:
(stdin)= 3b7fe5fba303224aefc65659f7563c2b
[root@localhost certs]# openssl x509 -modulus -noout -in www.example.com.crt | openssl md5
(stdin)= 3b7fe5fba303224aefc65659f7563c2b

If there are any errors then you know the file is bad.  In my case, I can visually see the two modulus outputs with an md5 match.

So this certificate and private key go together.