Download TW Root Certificate | Download ThoughtWorks Root CA CRL
In order to verify the legitimate identity of someone trying to get access to a secure TW website like our T&E system, a user's browser needs to have installed an authorized TW "signature" (a certificate authority) which matches the same "signature" assigned to the TW website (a public key certificate). Because Thoughtworks uses its own certificates for this procedure, each Thoughtworker needs to install the appropriate TW certificate authority (the TW Root CA Certificate) in any browser used to gain access to secure TW websites. Otherwise, a pop-up window or a web page announcing a "security error" will appear each time a TWer tries to reach one of the secure TW websites. The purpose of this page is to show TWers how to download and install the TW CA Root Certificate for any browser they wish to use for gaining access to secure TW websites.
ThoughtWorks uses its own CA instead of using one of the vendors for its internal and some of the specific websites. ThoughtWorks does not host any client specific public websites.
All Thoughtworks-wide sites use our own CA certificate. Here is an FAQ regarding security, https and using our own certificate
NOTE: Internet Explorer 7 and Safari 3 will use certificates imported into the operating system. Firefox 3 has its own certificate store and must therefore be updated manually.
NOTE: If you are at a client site on a client machine, you might not have the appropriate permission in order to install the TW Root Certificate as described below. In this case, contact the IS department at the client site.
- Firefox 3 (All operating systems)
- Right-click on the link 'Download TW Root Certificate' near the top of the page (NOT 'Download ThoughtWorks Root CA CRL'), choose 'Save Link As...', and save the root certificate file to your Desktop.
- Open Firefox, then from the navigation bar, click 'Tools' > 'Options...'
- In the "Advanced" section, select the 'Encryption' tab, and then click the 'View Certificates' button.
- On the 'Authorities' tab, click 'Import...', then select the tw-root-ca-certificate file from your desktop.
- On the 'Downloading Certificate' dialog, check the "Trust this CA to identify web sites' box and click 'OK'.
- Click 'OK' to close the Certificate Manager window, and then 'OK' again to close the Options window.
- Close all Firefox browser windows, then launch Firefox again. Certificate should now be installed and functioning.
- You may delete the TW Root Certificate from your desktop.
- Windows XP SP2 (using IE7 for the download)
- Save the TW Root Certificate to your desktop by doing the following:
- Click the link 'Download TW Root Certificate' near the top of this page.
- In the pop-up that appears, choose the option 'Save'.
- Save the file 'tw-root-ca-certificate.crt' to your Desktop (make sure you point it to the desktop before you save.)
- Open the downloaded file and click "Install Certificate..." This will start the Certificate import wizard.
- Click 'Next', 'Next', and 'Finish' through the wizard.
- If a 'Security Warning'pops up, verify that it is in regards to "Thoughtworks-Root-CA' and click 'Yes'.
- A pop-up should report that 'The import was successful.'
- You may delete the TW Root Certificate from your desktop
- Save the TW Root Certificate to your desktop by doing the following:
- Mac OS 10.5 (using Safari 3)
- Click on the link in the upper right of this page entitled 'Download TW Root Certificate' and save it to your Desktop
- Open Keychain Access (Macintosh HD/Applications/Utilities/Keychain Access)
- Under the 'Keychains' menu on the left, click 'System'.
- Click the lock on the top-left corner to unlock the System Roots keychain.
- Click 'File'>'Import Items...' and find the 'tw-root-ca-certificate.crt' file on the desktop. Click 'Open'.
- You may be asked to enter the credentials of an Administrator. Enter your local user credentials.
- On the next window, click 'Always Trust'
- You may again be asked to enter the credentials of an Administrator. Enter your local user credentials.
- You may now close the Keychain Access application.
- You may delete the TW Root Certificate from your desktop.
- Windows Vista (using IE7 for the download)
- Click on the link in the upper right of this page entitled 'Download TW Root Certificate' and save it to your Desktop.
- Open the downloaded file. On the 'Certificate' screen, click 'Install Certificate...'. This will start the Certificate Import wizard.
- Click 'Next', 'Next', and 'Finish' through the wizard.
- A popup should say 'The import was successful.'
- Close out of any remaining windows.
- You may delete the TW Root Certificate from your desktop
- Ubuntu Linux 8.04
- Click on the link in the upper right of this page entitled 'Download TW Root Certificate' and save it to your Desktop.
- Open a terminal window
- Enter the following commands into the terminal:
- sudo mkdir -p /usr/share/ca-certificates/thoughtworks
- sudo cp Desktop/tw-root-ca-certificate.crt /usr/share/ca-certificates/thoughtworks/
- sudo dpkg-reconfigure ca-certificates
- When the dpkg-reconfigure application opens, choose 'ask'.
- Scroll down to the bottom of the list to tw-root-ca-certificate.crt and check its box (space bar)
- Press tab to exit the selection window, and enter to "click" 'Ok'.
In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity - information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
When a browser encounters a site with a public key certificate, it must verify it. Certificate verification is done by
verfiying the certificate authority's digital signature. Every browser comes equipped with a standard list of
certficate authorities. If your website's certificate is issued by one of these authorities, then the browser will be able
match the digital signature and, in turn, will trust the certficate and the website.
Because the TW Root CA is specific to the ThoughtWorks website, it does not come installed with any of the browsers,
so you must install the TW Root CA certificate to make sure that the certificate is trusted.
Thirdparty authorities just have the advantage that their root certificates come pre-installed in your browser, so the browser won't complain about it and will verify the digital signature.
However, TW would have to pay one of the third-party providers for this service. By providing our own certificates for our websites, we save money while being just as safe as third-party digital certificates are.
You should not get this pop-up if you have already installed the TW Root CA Certificate in your browser(s).
You should not have to, unless you are told to do so or you are one of our clients or you know the purpose for
visiting the site which requires you to install the TW Root CA.
Please understand that we do not have any public secure site which would require a third party to install our certificate.
If you encounter this, please let us know at info@thoughtworks.com
with the subject line : "Attention IS : TW Root CA required for Third-party".
If this occurs, you might want to check again with the resource who directed you to the ThoughtWorks secure site. This website is all about certificates and their
uses, but within ThoughtWorks and among ThoughtWorkers.
This is not our main CA server. Our main CA server sits inside our internal network, does not have access to the outside world, and has very restricted access. Its not even user accessible :-) This server is only there to host our root certificate and certificate revocation list.