The org.forgerock.opendj.security.X509CertificateBuilder class provides a simple stable API for constructing X509 certificates which could be useful outside of the DJ code-base. In particular, the AM team use BouncyCastle for generating key-pairs in unit tests, but these break frequently as a result of changes to BC's APIs. In addition the BC APIs are hard to use.
It should be noted that the X509CertificateBuilder class only generates EC keys. We should be careful to keep this class relatively simple and lightweight.