After successfully generating a Certificate Signing Request, you will get a Private Key. This key needs to be stored in a safe place. You can match the CSR and Private key by keeping them in the same directory. In case you are dealing with multiple orders, it becomes more crucial that the certificate matches up with the key. Only this can ensure proper installation of your SSL certificate.
Run the following OpenSSL commands to make sure that all the 3 matches.openssl pkey -in privateKey.key -pubout -outform pem | sha256sum openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum