diff --git a/src/api/server_server.rs b/src/api/server_server.rs
index 74eeac31..dbfa6615 100644
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@@ -4,7 +4,7 @@ use std::{
 mem,
 net::{IpAddr, SocketAddr},
 sync::Arc,
- time::{Duration, Instant, SystemTime},
+ time::Instant,
 };
 
 use axum::{response::IntoResponse, Json};
@@ -22,7 +22,6 @@ use ruma::{
 directory::{get_public_rooms, get_public_rooms_filtered},
 discovery::{
 get_server_keys, get_server_version, ServerSigningKeys,
- VerifyKey,
 },
 event::{
 get_event, get_missing_events, get_room_state,
@@ -70,7 +69,10 @@ use super::appservice_server;
 use crate::{
 api::client_server::{self, claim_keys_helper, get_keys_helper},
 observability::{FoundIn, Lookup, METRICS},
- service::pdu::{gen_event_id_canonical_json, PduBuilder},
+ service::{
+ globals::SigningKeys,
+ pdu::{gen_event_id_canonical_json, PduBuilder},
+ },
 services,
 utils::{self, dbg_truncate_str, MxcData},
 Ar, Error, PduEvent, Ra, Result,
@@ -577,29 +579,31 @@ pub(crate) async fn get_server_version_route(
 // Response type for this endpoint is Json because we need to calculate a
 // signature for the response
 pub(crate) async fn get_server_keys_route() -> Result {
- let mut verify_keys: BTreeMap =
- BTreeMap::new();
- verify_keys.insert(
- format!("ed25519:{}", services().globals.keypair().version())
- .try_into()
- .expect("found invalid server signing keys in DB"),
- VerifyKey {
- key: Base64::new(
- services().globals.keypair().public_key().to_vec(),
- ),
- },
- );
+ fn convert_key_ids(
+ keys: BTreeMap,
+ ) -> BTreeMap {
+ keys.into_iter()
+ .map(|(id, key)| {
+ let id = id
+ .try_into()
+ .expect("found invalid server signing keys in DB");
+ (id, key)
+ })
+ .collect()
+ }
+
+ let keys = SigningKeys::load_own_keys();
+ let verify_keys = convert_key_ids(keys.verify_keys);
+ let old_verify_keys = convert_key_ids(keys.old_verify_keys);
+
 let mut response = serde_json::from_slice(
 get_server_keys::v2::Response {
 server_key: Raw::new(&ServerSigningKeys {
 server_name: services().globals.server_name().to_owned(),
 verify_keys,
- old_verify_keys: BTreeMap::new(),
+ old_verify_keys,
 signatures: BTreeMap::new(),
- valid_until_ts: MilliSecondsSinceUnixEpoch::from_system_time(
- SystemTime::now() + Duration::from_secs(86400 * 7),
- )
- .expect("time is valid"),
+ valid_until_ts: keys.valid_until_ts,
 })
 .expect("static conversion, no errors"),
 }
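Review bot: `valid_until_ts: keys.valid_until_ts` now publishes whatever `SigningKeys::load_own_keys()` returns, where the removed code computed now plus seven days on every request. `load_own_keys` is outside this hunk, so it is worth confirming that it yields a timestamp in the future on each call, since remote servers use this field to decide whether the signing key is still valid and a stale value would make them reject it. A comment at the call site would record that contract, e.g. `// load_own_keys() must return a valid_until_ts in the future; peers stop trusting the key after it`. Separately, `convert_key_ids` still panics through `.expect("found invalid server signing keys in DB")` and now also runs over `old_verify_keys`, so if those ids come from persisted data a single malformed entry would fail every request to this endpoint; propagating an error from the route would be safer. The body of `get_server_keys_route` continues past the end of the hunk.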