You import a certificate for two reasons:
to add it to the list of trusted certificates, or
to import a certificate reply received from a CA as the result of submitting a Certificate Signing Request (see the -certreq command) to that CA.
Which type of import is intended is indicated by the value of the -alias option:
If the alias does not point to a key entry, then keytool assumes you are adding a trusted certificate entry. In this case, the alias should not already exist in the keystore. If the alias does already exist, then keytool outputs an error, since there is already a trusted certificate for that alias, and does not import the certificate.
If the alias points to a key entry, then keytool assumes you are importing a certificate reply.