3. Verify that the Public Keys contained in the Private Key file and the Main/Server Certificate are the same:
openssl x509 -in certificate.pem -noout -pubkey
openssl rsa -in ssl.key -pubout
The output of these two commands should be the same.
4. Check that the Valid From and Valid To dates of the certificate are correct:
openssl x509 -noout -in certificate.pem -dates
Ensure that the current date is between the certificate's Not Before and Not After dates.
5. Check the validity of the Certificate Chain:
openssl verify -CAfile certificate-chain.pem certificate.pem
If the response is OK, the check is valid.
https://acquia.my.site.com/s/article/360004119234-Verifying-the-validity-of-an-SSL-certificate
https://forums.openvpn.net/viewtopic.php?t=18671