It's possible to load a SSL PEM bundle with a private key and a certificate which doesn't match. The webserver will happily start up, and then break on the first request.
We should add a property which verifies that the private key matches the public key in the certificate to catch such errors on startup.