Credential backends use has_fingerprint() methods to select keys/certificates