How to verify that SSL certificate matches key

In order to verify that OpenSSL key matches certificate you can run following command: For key:
openssl rsa -noout -modulus -in  yourdomain.key | openssl md5
and for certificate:
openssl x509 -noout -modulus -in  yourdomain.crt | openssl md5
and for CSR (Certificate Signing Request):
openssl req -noout -modulus -in  yourdomain.csr | openssl md5
In all cases you should get the same output, for example:
(stdin)= d41d8cd98f00b204e9800998ecf8427e
If the output is the same in all cases this means that keys match certificate. If the output is different in even one case, you have a mismatch somewhere.
If you have multiple certificates in one .crt file, for example your domain SSL certs and CA certs, make sure your certificate is at the top of the file, because this tool checks only first certificate from the input file.