Yes, it is both, the cert and the key… Plus the certificate needs to be exported in pkcs12 format before the keystore import. Here are the commands we use:
openssl pkcs12 -export -in cert.pem -inkey key.pem > tomcat.p12
keytool -importkeystore -srckeystore tomcat.p12 -destkeystore dest.jks -srcstoretype pkcs12
The keytool import/creation command ask to create 2 passwords, one for the key and one for the store, which is the difficult part to automate without a clear text password.