I am extremely new in the field of information security, but they gave me a project to create a secure TLS certificate signed by our CA for a new security process. I found this thread (How to generate a unique and impossible to copy VPN certificate / key for a specific client hardware device?) It seems to be an answer to my problem.
Is this a safe method to create a certificate?
What are the protections in the use of a VSC?
And the line in the previous process " attestation AIK_AND_CERT" what is the purpose of this?