From https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1250&ratingconfirm=1 How do I verify that a private key matches a certificate? To verify that a private key matches its certificate you need to compare the modulus of the certificate against the modulus of the private key. get modulus of certificate and key: openssl x509 -noout -modulus -in server.crt > certificate_modulus openssl rsa -noout -modulus -in myserver.key > key_modulus then compare them: diff certificate_modulus key_modulus If the modulus of the certificate and the modulus of the private key do not match, then you're not using the right private key.