I had the same issue with our new RapidSSL certificate. Try to import step by step and not all together in one file:

1. Import keys
   kyrtool ="C:\Notes\notes.ini" import keys  -k "C:\Notes\Data\keyring.kyr" -i "C:\Notes\Data\server.key" -n "CN=my.domain.com"
    
2. Import roots
   kyrtool ="C:\Notes\notes.ini" import roots -k "C:\Notes\Data\keyring.kyr" -i "C:\Notes\Data\root.pem"
   kyrtool ="C:\Notes\notes.ini" import roots -k "C:\Notes\Data\keyring.kyr" -i "C:\Notes\Data\intermediateroot.pem"
    
3. Import cert
   kyrtool ="C:\Notes\notes.ini" import certs -k "C:\Notes\Data\keyring.kyr" -i "C:\Notes\Data\server.pem"

Regards,

Gilbert

Hi,

The same AVA Separator error occured in one file.
>kyrtool import all -i c:\temp\all.txt -k c:\temp\keyfile.kyr

Importing key with -n argument, I had the same issue.     
>kyrtool import keys -i c:\temp\server.key -k c:\temp\keyfile.kyr -n host.example.co.jp

Importing key without -n argument, SECIssUpdateKeyringPrivateKey succeeded.
>kyrtool import keys -i c:\temp\server.key -k c:\temp\keyfile.kyr

Continuously, importing roots and cert step by step are OK.
> kyrtool import roots -i c:\temp\root.pem -k c:\temp\keyfile.kyr
> kyrtool import roots -i c:\temp\intermediate1.pem -k c:\temp\keyfile.kyr
> kyrtool import roots -i c:\temp\intermediate2.pem -k c:\temp\keyfile.kyr
> kyrtool import certs -i c:\temp\server.cer -k c:\temp\keyfile.kyr

Is this workaround? I spent two days in this work.

Make sure you do not add a pass phrase - Geotrust recommend you don't.  If you do then you may get the errors in step 6 - Access to data denied', it's because you added a password to your csr file (where you added your website name etc...).  It also have me an error of  'SECIssUpdateKeyringPrivateKey returned error 0x0103'  - seems like I was the only numb nut to do this.