In versions prior to r146 it was possible to create X509Certificate objects directly. Now that API is deprecated and the new one only deliveres a X509CertificateHolder object.

I cannot find a way to transform a X509CertificateHolder to X509Certificate.

How can this be done?

I will answer to my own questions, but not delete it, in case someone else got the same problems:

return new JcaX509CertificateConverter().setProvider( "BC" )
  .getCertificate( certificateHolder );

And for attribute certificates:

return new X509V2AttributeCertificate( attributeCertificateHolder.getEncoded() );

Not nice, as it is encoding and decoding, but it works.

Another option is this one :)

CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
InputStream in = new ByteArrayInputStream(certificateHolder.getEncoded());
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);

This is an possibility to get the X509CertificateHolder to X509Certificate and toString. (first sentence of the code is irrelevant)

X509CertificateHolder selfSignedCertificate = CertificateUtils.selfSignCertificate(certificationRequest, keyPair.getPrivate());
byte[] content = selfSignedCertificate.getEncoded();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(content));
logger.debug("cert: {}", cert.toString());

........