Update:
For no particular reason (and I have got similar results doing this before before)...
In a fresh install of the VM I selected the "E-mail" panel, then immediately re-selected the Manage SSL certificates panel, re-entered my certificate/key/chain data, clicked Save, the data was accepted, and I received the message "Success Operation status report" "Success - New Certificate details written" (i.e. no "Operation status report Error: CSRF token is invalid or outdated" timeout error).
I notice this time that /etc/dovecot/ssl/imapd.pem WAS updated, and is correct - a concatenation of the three files.
Of course, after this, my browser - running server-manager - saw the new key, and needed to be refreshed, as anticipated. The correct crt/key/chain data now continues to show up in the fields on the "Manage SSL Certificates" panel.
What is also interesting, is that if I hit "Save" again, without updating the (now correct) data in the crt/key/chain fields, I do NOT get the "Operation status report Error: CSRF token is invalid or outdated" error.
That's the new VM install, of course: the "Manage SSL certs" panel on my perm install still won't work. I recreated the self-cert crt/key pair in /etc/pki/dovecot/certs & key directories, and now I can clear the fields in the manager panel, but it still won't accept my "real" files. The "config setprop..." method works.
There's a lot of stuff there; I hope it helps.