The import command is used to add a complete key pair (private & public) to the key store.
You already have the private key in the key store, and need to receive the certificate which was created by the CA.
Also, you created a jks key store (as required by IIB), not a pkcs12, so your command referencing a pkcs12 format store can't find the file you are referencing.
Instead of the import command on runmqckm, you need to use receive...
That is: runmqckm -cert -receive -db NODESVI1_key.jks -type jks -file ./iib-firmato.cer -format ascii If the CA returned a binary certificate file instead of PEM format, change -format ascii to -format binary.