APIリファレンスにちゃんと書いてありました。
java.security.cert.X509Certificate
を使うべき。
Note: The classes in the package javax.security.cert exist for compatibility with earlier versions of the Java Secure Sockets Extension (JSSE). New applications should instead use the standard Java SE certificate classes located in java.security.cert.
http://docs.oracle.com/javase/8/docs/api/javax/security/cert/X509Certificate.html