To find out if some private key was used to generate new certificate request, you can use the following commands and compare the hashes.
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum
On macOS you can replace sha256sum with shasum -a 256.