Comment 1 for bug 244412

Actually, I also get an error adding any certificate, even if it doesn’t already exist.

Running hooks in /etc/ca-certificates/update.d....Owner: OU=MIT Certification Authority, O=Massachusetts Institute of Technology, ST=Massachusetts, C=US
Issuer: OU=MIT Certification Authority, O=Massachusetts Institute of Technology, ST=Massachusetts, C=US
…blah blah blah…
Trust this certificate? [no]: keytool error: java.lang.IllegalArgumentException

I think the -trustcacerts and/or -noprompt options need to be passed to keytool to fix this.