Look at certs!

Check a private key

openssl rsa -in privateKey.key -check

Check a certificate

openssl x509 -in certificate.crt -text -noout

Check the subject in a certificate

openssl x509 -noout -subject -in certificate.crt

Check expiration with keytool

keytool -list -v -keystore keystore.jks

Check key file

openssl rsa -in file.key -check

Check modulus of both key and certificate

If these don’t match, the key and cert don’t belong together.

openssl rsa -modulus -noout -in file.key | openssl md5
openssl x509 -modulus -noout -in file.crt | openssl md5