CA signs the TBSCertificate, this is a pretty known fact.
m means producing the hash value of
m then encrypting
m. For example: https://simple.wikipedia.org/wiki/RSA_algorithm#Signing_messages
Does this apply to signing certificates?
Here the answerer says:
The most important is that both your encrypt boxes are wrong, they should say sign.