diff --git a/dpe/src/commands/certify_key.rs b/dpe/src/commands/certify_key.rs
index ba5b4180..7dae438a 100644
--- a/dpe/src/commands/certify_key.rs
+++ b/dpe/src/commands/certify_key.rs
@@ -249,9 +249,10 @@ impl CommandExecution for CertifyKeyCmd {
 mod tests {
     use super::*;
     use crate::{
-        commands::{Command, CommandHdr, InitCtxCmd},
+        commands::{Command, CommandHdr, InitCtxCmd, DeriveContextCmd, DeriveContextFlags},
         dpe_instance::tests::{TestTypes, SIMULATION_HANDLE, TEST_LOCALITIES},
         support::Support,
+        x509::tests::TcbInfo,
     };
     use caliptra_cfi_lib_git::CfiCounter;
     use cms::{
@@ -625,4 +626,62 @@ mod tests {
             assert!(extension.critical);
         }
     }
+
+    #[test]
+    fn test_certify_key_order() {
+        CfiCounter::reset_for_test();
+        let mut env = DpeEnv::<TestTypes> {
+            crypto: OpensslCrypto::new(),
+            platform: DefaultPlatform,
+        };
+        let auto_measurement = [0u8; DPE_PROFILE.get_hash_size()];
+        let mut dpe = DpeInstance::new_auto_init(&mut env, Support::X509 | Support::AUTO_INIT, 0, auto_measurement).unwrap();
+
+        // Derive context twice with different types
+        let mut derive_cmd = DeriveContextCmd {
+            handle: ContextHandle::default(),
+            data: [1; DPE_PROFILE.get_tci_size()],
+            flags: DeriveContextFlags::MAKE_DEFAULT | DeriveContextFlags::INPUT_ALLOW_X509,
+            tci_type: 0,
+            target_locality: 0,
+        };
+
+        derive_cmd.execute(&mut dpe, &mut env, TEST_LOCALITIES[0]).unwrap();
+        derive_cmd.tci_type += 1;
+        derive_cmd.execute(&mut dpe, &mut env, TEST_LOCALITIES[0]).unwrap();
+
+        let certify_cmd = CertifyKeyCmd {
+            handle: ContextHandle::default(),
+            flags: CertifyKeyFlags(0),
+            label: [0; DPE_PROFILE.get_hash_size()],
+            format: CertifyKeyCmd::FORMAT_X509,
+        };
+
+        let certify_resp = match certify_cmd
+            .execute(&mut dpe, &mut env, TEST_LOCALITIES[0])
+            .unwrap()
+        {
+            Response::CertifyKey(resp) => resp,
+            _ => panic!("Wrong response type."),
+        };
+
+        let mut parser = X509CertificateParser::new().with_deep_parse_extensions(true);
+        let (_, cert) = parser.parse(&certify_resp.cert[..certify_resp.cert_size.try_into().unwrap()]).unwrap();
+
+        let multi_tcb_info = cert
+            .get_extension_unique(&oid!(2.23.133 .5 .4 .5))
+            .unwrap()
+            .unwrap();
+        let mut parsed_tcb_infos = asn1::parse_single::<asn1::SequenceOf<TcbInfo>>(multi_tcb_info.value).unwrap();
+
+
+        let first = parsed_tcb_infos.next().unwrap();
+        let second = parsed_tcb_infos.next().unwrap();
+        let third = parsed_tcb_infos.next().unwrap();
+
+        assert_eq!(first.tci_type.unwrap(), &[0, 0, 0, 0]);
+        assert_eq!(second.tci_type.unwrap(), &[0, 0, 0, 0]);
+        assert_eq!(third.tci_type.unwrap(), &[0, 0, 0, 1]);
+    }
 }
+
diff --git a/dpe/src/dpe_instance.rs b/dpe/src/dpe_instance.rs
index 09a4ff27..97ed0b89 100644
--- a/dpe/src/dpe_instance.rs
+++ b/dpe/src/dpe_instance.rs
@@ -334,6 +334,8 @@ impl DpeInstance {
             out_idx += 1;
         }
 
+        nodes[..out_idx].reverse();
+
         Ok(out_idx)
     }
 
diff --git a/dpe/src/lib.rs b/dpe/src/lib.rs
index 83b67717..0f436e75 100644
--- a/dpe/src/lib.rs
+++ b/dpe/src/lib.rs
@@ -30,7 +30,7 @@ pub const MAX_HANDLES: usize = 24;
 include!(concat!(env!("OUT_DIR"), "/arbitrary_max_handles.rs"));
 
 const CURRENT_PROFILE_MAJOR_VERSION: u16 = 0;
-const CURRENT_PROFILE_MINOR_VERSION: u16 = 9;
+const CURRENT_PROFILE_MINOR_VERSION: u16 = 10;
 
 const INTERNAL_INPUT_INFO_SIZE: usize = size_of::<GetProfileResp>() + size_of::<u32>();
 
diff --git a/dpe/src/x509.rs b/dpe/src/x509.rs
index 02e02344..f1827ecf 100644
--- a/dpe/src/x509.rs
+++ b/dpe/src/x509.rs
@@ -1729,7 +1729,7 @@ impl CertWriter<'_> {
     ///    version       INTEGER { v1(0) } (v1,...),
     ///    subject       Name,
     ///    subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
-    ///    attributes    [0] Attributes{{ CRIAttributes }}}  
+    ///    attributes    [0] Attributes{{ CRIAttributes }}}
     /// }
     ///
     /// # Arguments
@@ -1776,7 +1776,7 @@ impl CertWriter<'_> {
     /// CertificateRequest  ::=  SEQUENCE  {
     ///    certificationRequestInfo       CertificationRequestInfo,
     ///    signatureAlgorithm             AlgorithmIdentifier,
-    ///    signatureValue                 BIT STRING  
+    ///    signatureValue                 BIT STRING
     /// }
     ///
     /// Returns number of bytes written to `certificate`
@@ -1835,7 +1835,7 @@ impl CertWriter<'_> {
 }
 
 #[cfg(test)]
-mod tests {
+pub(crate) mod tests {
     use crate::tci::{TciMeasurement, TciNodeData};
     use crate::x509::{CertWriter, DirectoryString, MeasurementData, Name};
     use crate::DPE_PROFILE;
@@ -1854,7 +1854,7 @@ mod tests {
     }
 
     #[derive(asn1::Asn1Read)]
-    struct TcbInfo<'a> {
+    pub struct TcbInfo<'a> {
         #[implicit(0)]
         _vendor: Option<asn1::Utf8String<'a>>,
         #[implicit(1)]
@@ -1868,13 +1868,13 @@ mod tests {
         #[implicit(5)]
         _index: Option<u64>,
         #[implicit(6)]
-        fwids: Option<asn1::SequenceOf<'a, Fwid<'a>>>,
+        pub fwids: Option<asn1::SequenceOf<'a, Fwid<'a>>>,
         #[implicit(7)]
         _flags: Option<asn1::BitString<'a>>,
         #[implicit(8)]
-        vendor_info: Option<&'a [u8]>,
+        pub vendor_info: Option<&'a [u8]>,
         #[implicit(9)]
-        tci_type: Option<&'a [u8]>,
+        pub tci_type: Option<&'a [u8]>,
     }
 
     #[derive(asn1::Asn1Read)]