You can verify if a private key file matches a certificate file by comparing their modulus (which you can retrieve using openssl). I've wrapped this in the little script below.
param(
[String]$cert,
[string]$key
)
$certMod = openssl x509 -noout -modulus -in $cert
$keyMod = openssl rsa -noout -modulus -in $key