SSL/TLS certificate management (key, crt, and pem)

Question

I have a question about TLS/SSL (self-signed certificates)

I am trying to open a connection using several tools (ncat, socat) by using TLS/SSL. Of course first i need to generate certificate. (Key is a KEY, and Cert is a CERT, PEM is an encoded format). I have found 2 different ways.

1) openssl req -new -x509 -keyout test-key.pem -out test-cert.pem.

2) openssl req -newkey rsa:2848 -nodes -keyout test.key -x589 -out test-cert.crt
   cat test-key.key test-cert.crt > test-pem.pem

My questions:

1. Why at the end of the day we combine CERT with KEY? Should not CERT already have KEY inside?
2. Why on most tutorials, we send(by listener on socat/ncat) key with cert, if cert already have a key?

(Assume we do not verify cert)

Thanks for support.

SOLVED.

Answer 1

Should not CERT already have KEY inside?

The certificate has the public key inside. The key file is the private key. The public key can be visible to others (as does the rest of the certificate), the private key should be kept secret.