
Order of subject attributes in x509 certificate


Is there a particular order in which the subject attributes - C, ST, L, O, OU, CN - have to be specified? openssl does not seem to enforce an order.

And while generating the Distinguished Name, do we pick up all the subject attributes configured in the certificate? Does the ordering of the attributes matter?


Solution

  • Is there a particular order in which the subject attributes - C, ST, L, O, OU, CN - have to be specified?

    There is no order specified as far as I know. The order that you specify will be used, and the DN will be generated in this order in, e.g., a PKCS#10 request.

    And while generating the Distinguished Name do we pick up all the subject attributes configured in the certificate?

    The CA may (and most probably will) use the DN from your PKCS#10 request when issuing the certificate, but it can decide on a different order. Some RDNs (Relative Distinguished Names) can be moved to extensions, e.g. emailAddress, or copied to extensions, like CN to SubjectAlternativeName when issuing an SSL server certificate.

    Does the ordering of the attributes matter?

    Ordering does not IMHO matter. It might matter to some application that is consuming the certificate, but in general ordering does not matter.
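
An added example, not part of the original answer or of any project's code: a minimal DER encoder for an X.509 Name, showing that the attribute order you give is the order that gets encoded. A consumer that compares names byte-wise, or RDN by RDN in order as RFC 5280 section 7.1 name matching does, therefore sees a reordered subject as a different name. The subject values and helper names are constructed for illustration.

```python
# Attribute type OIDs are 2.5.4.x (X.520); only the last arc differs.
OID_LAST_ARC = {"CN": 3, "C": 6, "L": 7, "ST": 8, "O": 10, "OU": 11}

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with short and long length forms."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def encode_name(attrs) -> bytes:
    """Encode an ordered list of (short_name, value), one attribute per RDN."""
    rdns = b""
    for short, value in attrs:
        oid = tlv(0x06, bytes([0x55, 0x04, OID_LAST_ARC[short]]))
        # countryName is a PrintableString; the rest are emitted as UTF8String.
        string_tag = 0x13 if short == "C" else 0x0C
        atv = tlv(0x30, oid + tlv(string_tag, value.encode("utf-8")))
        rdns += tlv(0x31, atv)      # RDN = SET OF AttributeTypeAndValue
    return tlv(0x30, rdns)          # Name = SEQUENCE OF RDN, order preserved

def same_encoded_name(a, b) -> bool:
    """Byte-wise comparison (a simplification; no case folding is applied)."""
    return encode_name(a) == encode_name(b)

def same_attribute_set(a, b) -> bool:
    """Order-insensitive view: do both subjects carry the same attributes?"""
    return sorted(a) == sorted(b)

# Constructed sample subjects: identical attributes, opposite order.
REQUESTED = [("C", "US"), ("ST", "California"),
             ("O", "Example Corp"), ("CN", "www.example.test")]
REORDERED = list(reversed(REQUESTED))

if __name__ == "__main__":
    print(encode_name(REQUESTED).hex())
    print(encode_name(REORDERED).hex())
    print("same attributes:", same_attribute_set(REQUESTED, REORDERED))
    print("same encoded name:", same_encoded_name(REQUESTED, REORDERED))
```

When pinning or matching on a subject or issuer DN, compare against the name as it appears in the issued certificate rather than the order used in the request, since the CA may have reordered it.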