ThoughtWorks Root CA Server

Welcome to ThoughtWorks Root CA website.

Download TW Root Certificate | Download ThoughtWorks Root CA CRL

Context

In order to verify the legitimate identity of someone trying to get access to a secure TW website like our T&E system, a user’s browser needs to have installed an authorized TW “signature” (a certificate authority) which matches the same “signature” assigned to the TW website (a public key certificate). Because Thoughtworks uses its own certificates for this procedure, each Thoughtworker needs to install the appropriate TW certificate authority (the TW Root CA Certificate) in any browser used to gain access to secure TW websites. Otherwise, a pop-up window or a web page announcing a “security error” will appear each time a TWer tries to reach one of the secure TW websites.
The purpose of this page is to show TWers how to download and install the TW CA Root Certificate for any browser they wish to use for gaining access to secure TW websites.

ThoughtWorks uses its own CA instead of using one of the vendors for its internal and some of the specific websites. ThoughtWorks does not host any client specific public websites.
TO install the TW Root CA Certificate, Please click here to install it.
If you are looking for Certificate Revocation List. Please click here to access it.

All thoughtworks wide sites use our own CA certificate. here are some questions regarding security, https and using own certificate

ThoughtWorks Root Certificate FAQ: What is a certificate?

From Wikipedia certficate entry
In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity - information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.

Why does my browser pop up a message when I try to access secure TW websites?

When a browser encounters a site with a public key certificate it must verify it. Certificate verification is done by verfiying the certificate authority's digital signature. Every browser comes equipped with a standard list of certficate authorities If your website's certificate is issued by one of these authorities, then the browser will be able match the digital signature and, in turn, will trust the certficate and the website.
Because the TW Root CA is specific to the ThoughtWorks website it does not come installed with any of the browsers, so you must install TW Root CA certificate to make sure that certificate is trusted.

Why does ThoughtWorks not use a third-party certificate authority issued certficate, such as Verisign or GoDaddy?

Thirdparty authorities just have the advantage that their root certificates come pre-installed in your browser, so the browser won't complain about it and will verify the digital signature.

However, TW would have to one of the third-party providers for this service. By providing our own certificates for our websites, we save money while being just as safe as third-party digital certificates are.

I always get a pop-up saying that certificate is not trusted?

You should not get this pop-up if you have already installed the TW Root CA Certificate in your browser(s). To install teh TW Root CA Certificate please click here.

Hey dude! I am not a ThoughtWorker. Why do I have to install your root CA?

You should not have to, unless you are told to do so or you are one of our clients or you know the purpose for visiting the site which requires you to install the TW Root CA.
Please understand that we do not have any public secure site which would require a third parties to install our certificate. If you encounter this please let us know at info@thoughtworks.com with the subject line : "Attention IS : TW Root CA required for Third-party".
If this occurs, you might want to check again with the resource who directed you to the ThoughtWorks secure site. This website is all about certificates and their uses, but within ThoughtWorks and among ThoughtWorkers.

Is this your real Root CA server, if so, then I am worried because you are exposing your CA server to the world?

This is not our main CA server. Our main CA server sits inside our internal network, does not have access to the outside world, and has very restricted access. Its not even user accessible :-)
This server is only there to host our root certificate and certificate revocation list.

If you have any other questions regarding this server and ThoughtWorks Root Certificate Policy or ThoughtWorks security policy, please contact Ajey Gore by e-email.