tls: What are the security protections in using a VSC generated by TPM to create a CSR?

I am extremely new in the field of information security, but they gave me a project to create a secure TLS certificate signed by our CA for a new security process. I found this thread (How to generate a unique and impossible to copy VPN certificate / key for a specific client hardware device?) It seems to be an answer to my problem.

Is this a safe method to create a certificate?

What are the protections in the use of a VSC?

And the line in the previous process " attestation AIK_AND_CERT" what is the purpose of this?