keytool does not eliminate duplicate certs when importing a reply. It also does not report an error and the cert chain in keystore is invalid after import.

This is a small regression since we decided to generate the whole chain in 6937978. Before 6937978, after generate a cert using keytool -gencert, we cat the output and all CA certs into keytool -importcert, now that the output already contains CA certs, dup entries should be removed.