If [Certificate.PrivateKey] implements [crypto.MessageSigner], its SignMessage
method is used instead of Sign in TLS 1.2 and later.