diff --git a/book/changelog.md b/book/changelog.md
index 747d4d6c..3b0f49b3 100644
--- a/book/changelog.md
+++ b/book/changelog.md
@@ -222,3 +222,5 @@ This will be the first release of Grapevine since it was forked from Conduit
     ([!58](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/58))
 16. Added support for configuring and serving `/.well-known/matrix/...` data.
     ([!90](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/90))
+17. Added support for configuring old verify/signing keys in config (`federation.old_verify_keys`)
+    ([!96](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/96))
diff --git a/src/config.rs b/src/config.rs
index 51761f85..01e65bc1 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,12 +1,16 @@
 use std::{
     borrow::Cow,
+    collections::BTreeMap,
     fmt::{self, Display},
     net::{IpAddr, Ipv4Addr},
     path::{Path, PathBuf},
 };
 
 use once_cell::sync::Lazy;
-use ruma::{OwnedServerName, RoomVersionId};
+use ruma::{
+    api::federation::discovery::OldVerifyKey, OwnedServerName,
+    OwnedServerSigningKeyId, RoomVersionId,
+};
 use serde::Deserialize;
 
 use crate::error;
@@ -288,6 +292,7 @@ pub(crate) struct FederationConfig {
     pub(crate) trusted_servers: Vec<OwnedServerName>,
     pub(crate) max_fetch_prev_events: u16,
     pub(crate) max_concurrent_requests: u16,
+    pub(crate) old_verify_keys: BTreeMap<OwnedServerSigningKeyId, OldVerifyKey>,
 }
 
 impl Default for FederationConfig {
@@ -299,6 +304,7 @@ impl Default for FederationConfig {
             ],
             max_fetch_prev_events: 100,
             max_concurrent_requests: 100,
+            old_verify_keys: BTreeMap::new(),
         }
     }
 }
diff --git a/src/service/globals/data.rs b/src/service/globals/data.rs
index 6971e2e2..28e7e512 100644
--- a/src/service/globals/data.rs
+++ b/src/service/globals/data.rs
@@ -18,17 +18,29 @@ use crate::{services, Result};
 /// don't require post-validation
 #[derive(Deserialize, Debug, Clone)]
 pub(crate) struct SigningKeys {
+    // FIXME: Use [`OwnedServerSigningKeyId`] as key
+    // Not yet feasibly because they get passed to `verify_event`, see https://github.com/ruma/ruma/pull/1808
     pub(crate) verify_keys: BTreeMap<String, VerifyKey>,
     pub(crate) old_verify_keys: BTreeMap<String, OldVerifyKey>,
+
     pub(crate) valid_until_ts: MilliSecondsSinceUnixEpoch,
 }
 
 impl SigningKeys {
     /// Creates the `SigningKeys` struct, using the keys of the current server
     pub(crate) fn load_own_keys() -> Self {
+        let old_verify_keys = services()
+            .globals
+            .config
+            .federation
+            .old_verify_keys
+            .iter()
+            .map(|(id, key)| (id.to_string(), key.clone()))
+            .collect();
+
         let mut keys = Self {
             verify_keys: BTreeMap::new(),
-            old_verify_keys: BTreeMap::new(),
+            old_verify_keys,
             valid_until_ts: MilliSecondsSinceUnixEpoch::from_system_time(
                 SystemTime::now() + Duration::from_secs(7 * 86400),
             )