Dear @Mausoof,
Please read the below comments, otherwise your understanding is correct.
1- PCSID should be maintained as per each onboarded device, so one client may have multiple PCSIDs.
2- The certificate which is used to sign the e-invoices (X.509 certificate) is the decoded (base64) BinarySecurityToken.
3- Private key should be stored securely even if the client doesn’t need to sign the e-invoices, i.e. (if the client only needs to send B2B invoices), because the private key is linked to the certificate, and if the private key has been lost/leaked for any reason, a new certificate should be obtained for that specific client.
Regards,
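
A sketch of point 2 above, added here as an example and not part of the original reply or of any official SDK: it base64-decodes a BinarySecurityToken into the certificate, checks that the result is a complete DER structure, and fingerprints one certificate per device as in point 1. The function names, the device-keyed dictionary and the sample token are hypothetical, and the second decode step assumes the decoded value may itself be base64 text of the DER.

```python
import base64
import binascii
import hashlib
import textwrap


def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE, the outer shape of an X.509 certificate."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                      # short-form length
        return len(data) == 2 + data[1]
    n = data[1] & 0x7F                      # long-form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")


def token_to_der(token: str) -> bytes:
    """Base64-decode a BinarySecurityToken and return the certificate as DER bytes."""
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
        if is_der_sequence(decoded):
            return decoded
        # Assumption: the decoded value may itself be the base64 text of the DER.
        inner = base64.b64decode(decoded.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("token is not a base64-encoded certificate") from exc
    if not is_der_sequence(inner):
        raise ValueError("decoded token is not a complete DER certificate")
    return inner


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor so standard X.509 tooling can read them."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def inventory(tokens_by_device: dict) -> dict:
    """Map each onboarded device to the SHA-256 fingerprint of its own certificate."""
    return {dev: hashlib.sha256(token_to_der(tok)).hexdigest()
            for dev, tok in tokens_by_device.items()}


# Constructed sample: a DER-shaped placeholder blob, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_TOKEN = base64.b64encode(base64.b64encode(SAMPLE_DER)).decode("ascii")

if __name__ == "__main__":
    print(der_to_pem(token_to_der(SAMPLE_TOKEN)))
```

The fingerprint gives a stable identifier for matching each stored private key to the certificate it belongs to, without logging the key itself.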