Order of subject attributes in x509 certificate

Is there a particular order in which the subject attributes - C, ST, L, O, OU, CN have to be specified? openssl does not seem to enforce an order.

And while generating the Distinguished Name, do we pick up all the subject attributes configured in the certificate? Does the ordering of the attributes matter?

Bharath Shetty asked Apr 11 '17 15:04


2 Answers

Is there a particular order in which the subject attributes - C, ST, L, O, OU, CN have to be specified?

There is no order specified, as far as I know. The order that you specify will be used, and the DN will be generated in this order in, e.g., the PKCS#10 request.

And while generating the Distinguished Name, do we pick up all the subject attributes configured in the certificate?

The CA may (and most probably will) use the DN from your PKCS#10 request when issuing the certificate, but it can decide on a different order. Some RDNs (Relative Distinguished Names) can be moved to extensions (e.g. emailAddress), or copied to extensions, like CN into SubjectAlternativeName, when issuing an SSL server certificate.

Does the ordering of the attributes matter?

Ordering does not, IMHO, matter. It might matter to some application that is consuming the certificate, but in general ordering does not matter.

pepo answered Sep 23 '22 06:09


In theory it doesn't matter, but in practice some crypto libraries are not able to build a chain if the order of tokens in the subject of the parent certificate is different from the order of tokens in the issuer field of the child certificate. They should be exactly the same if you don't want to have any strange issues.

For example, even the Windows 10 tool (mmc) doesn't display the chain correctly if the order of tokens in the subject/issuer field is different.

Lukasz answered Sep 22 '22 06:09