Introduce load_unknown_x509_certificate()

load_unknown_x509_certificate() serves for the cases where we
can't be sure what the format of its input certificate is. This
is the case for installers, it should not be used anywhere else.

https://pagure.io/freeipa/issue/4985

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>

ipaserver/install/cainstance.py

@@ -582,7 +582,8 @@ class CAInstance(DogtagInstance):
         elif self.external == 2:
             cert_file = tempfile.NamedTemporaryFile()
             with open(self.cert_file) as f:
-                x509.write_certificate(f.read(), cert_file.name)
+                ext_cert = x509.load_unknown_x509_certificate(f.read())
+            cert_file.write(ext_cert.public_bytes(x509.Encoding.PEM))
             cert_file.flush()
 
             result = ipautil.run(