5

Following this tutorial: https://www.vultr.com/docs/simple-mailserver-postfix-dovecot-sieve-debian

Trying to create a self-signed SSL certificate for testing purposes for my mail server, using code:

openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout /etc/dovecot/private/mykey.key -out /etc/dovecot/mycert.pem 

Now, modifying Postfix and Dovecot config files. What I don't understand is how this code:

smtpd_tls_cert_file = /etc/dovecot/private/mykey.pem
smtpd_tls_key_file = /etc/dovecot/private/mycert.pem
smtpd_use_tls = yes

And this code:

ssl = yes
ssl_key = /etc/dovecot/private/mykey.pem
ssl_cert = /etc/dovecot/private/mycert.pem

is supposed to work? First of all, there is only one file created - /etc/dovecot/private/mykey.key.

Maybe someone can explain what files one is supposed to get after running the openssl command - a PEM or a KEY file?

EDIT: I understood that the result of this command:

openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout /etc/dovecot/private/mykey.key -out /etc/dovecot/mycert.pem 

should be 2 files generated - mykey.pem (unsigned key) and mycert.pem (self-signed certificate), but it is not happening. I have done it in a different way:

openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out csr.pem
openssl req -x509 -days 365 -key key.pem -in csr.pem -out certificate.pem

But I am curious why this shortcut code is not working. Where is the syntax mistake?

4
  • 2
    Both. But you didn't do your homework: howtos describing the self-signed certificate creation are widespread all over the internet. google://openssl self-signed certificate. Commented Jan 26, 2016 at 18:44
  • I was curious if the command ran successfully, since I've got only mykey.key Commented Jan 26, 2016 at 18:50
  • 1
    Hopefully silly question - you do realise the certificate file is being written to a different directory (/etc/dovecot) than the key file (/etc/dovecot/private), right? Commented Jan 27, 2016 at 5:40
  • 1
    @andytech Oh... OH!!!! And this is what happens when you look at the thing for too long.. you miss the obvious. Commented Jan 27, 2016 at 8:41

1 Answer

1

The comments from @drookie and @andytech helped me to solve the issue. There were no errors, just lack of understanding and attention.

After searching for an answer even more, I found a good article about SSL-key generation: https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/

Regarding the .pem absence, I have missed that the certificate is generated into /etc/dovecot/cert.pem and not into /etc/dovecot/private/cert.pem.

2
  • just say the article is wrong that you linked! Commented Nov 1, 2016 at 21:07
  • jesus christ man! what a waste of time!!! not only is the path wrong, the file format of the file is wrong too! it is mykey.key not mykey.pem Commented Nov 1, 2016 at 21:32
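
The one-line `openssl req` command from the question, wrapped as an added example (not code from the thread or the tutorial) that writes into a scratch directory and then checks what was produced. The function names, the `-subj` CN and the directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). CN and directory are constructed.

# make_pair DIR [BITS]: run the question's one-liner against DIR instead of
# /etc/dovecot. It writes TWO files: DIR/private/mykey.key and DIR/mycert.pem.
make_pair() {
    dir=$1; bits=${2:-4096}
    mkdir -p "$dir/private" && chmod 700 "$dir/private" || return 1
    openssl req -newkey "rsa:$bits" -sha512 -x509 -days 365 -nodes \
        -subj "/CN=mail.example.test" \
        -keyout "$dir/private/mykey.key" -out "$dir/mycert.pem" \
        2>/dev/null || return 1
    chmod 600 "$dir/private/mykey.key"
}

# pem_kind FILE: classify by PEM header, not by file extension
# (.key and .pem are only names; both files are PEM-encoded).
pem_kind() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo certificate
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo private-key
    else
        echo unknown
    fi
}

# pair_matches CERT KEY: succeed only if CERT is a certificate, KEY is a
# private key, and the certificate carries that key's public half.
pair_matches() {
    [ "$(pem_kind "$1")" = certificate ] || return 1
    [ "$(pem_kind "$2")" = private-key ] || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}
```

After sourcing the file, `make_pair /tmp/tlstest 2048 && pair_matches /tmp/tlstest/mycert.pem /tmp/tlstest/private/mykey.key` succeeds. Passing the two files in the other order, which is what a config does when the certificate setting points at the key file, makes `pair_matches` fail.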
