a) To ensure that all certificates in a bundle are OK. There should be a clear 'line of trust' in output.
FILENAME=your.domain.crt
openssl crl2pkcs7 -nocrl -certfile $FILENAME | openssl pkcs7 -print_certs -noout
b) To ensure that the EC (Eliptic Curve) key in the csr and the certifciate is equal to the actual signing key run these 3 commands. The public key for each command should be the same.
NAME=your.domain
openssl ec -pubout -in $NAME.key
openssl req -noout -pubkey -in $NAME.csr
openssl x509 -noout -pubkey -in $NAME.crt