Phase 5 Week 1: HSM fundamentals + PKCS#11

Day 1: What Is an HSM? Hardware Security and Key Custody
Day 2: PKCS#11 — The Interface Between Software and Hardware
Day 3: SoftHSM2 + cryptoki — First Steps
Day 4: Sign and Verify with a PKCS#11 Key
Day 5: Key Ceremony — Offline Root CA and Quorum Control
Day 6: AWS CloudHSM Architecture
Day 7: Week 1 Challenge — Key Ceremony Simulation + PKCS#11 Exploration

Phase 5 Week 2: ACM Private CA — architecture + API

Day 8: ACM Private CA Overview — CA Hierarchy Design
Day 9: ACM PCA API — Creating and Activating a CA
Day 10: Certificate Templates — What ACM PCA Can Issue
Day 11: IssueCertificate — The Core Issuance Flow
Day 12: Revocation — CRL, OCSP, and RevokeCertificate
Day 13: Audit Logging — CloudTrail + ACM PCA Audit Reports
Day 14: Week 2 Challenge — CA Hierarchy + Issuance Flow Design

Phase 5 Week 3: Integration + failure modes + fit analysis

Day 15: Failure Mode Analysis — What Breaks and When
Day 16: Cross-Account ACM PCA Sharing and Multi-Region DR
Day 17: SPIRE + ACM PCA Integration
Day 18: PQC + ACM PCA — Algorithm Roadmap and Current Gaps
Day 19: Cost Model and Make-vs.-Buy Analysis
Day 20: Complete acm-pca-design.md §5–6
Day 21: Phase 5 Final Challenge — hsm-demo + acm-pca-design.md