diff --git a/modules/fediverse.py b/modules/fediverse.py index 5a8a27a1..80dcafdf 100644 --- a/modules/fediverse.py +++ b/modules/fediverse.py @@ -1,3 +1,5 @@ +#--require-config tls-certificate + import urllib.parse from src import ModuleManager, utils @@ -137,11 +139,17 @@ class Module(ModuleManager.BaseModule): event["stdout"].write("%s: %s - %s" % (preferred_username, content, shorturl)) + def _ap_self(self): + our_username = self.bot.get_setting("fediverse", None) + return _parse_username(our_username) + def _ap_self_id(self, for_url, our_username): + return "https://%s" % url_for("api", "ap-user", {"u": our_username}) + + @utils.hook("api.get.ap-webfinger") @utils.kwarg("authenticated", False) - def webfinger(self, event): - our_username = self.bot.get_setting("fediverse", None) - our_username, our_instance = _parse_username(our_username) + def ap_webfinger(self, event): + our_username, our_instance = self._ap_self() resource = event["params"].get("resource", None) if resource and resource.startswith("acct:"): @@ -150,11 +158,10 @@ class Module(ModuleManager.BaseModule): if (requested_username == our_username and requested_instance == our_instance): + + self_id = self._ap_self_id(event["url_for"], our_username) + event["response"].content_type = "application/jrd+json" - - location = "https://%s" % event["url_for"]("api", "ap-user", - {"u": our_username}) - event["response"].write_json({ "aliases": [location], "links": [{ 
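Review bot: `_ap_self_id` declares its second parameter as `for_url` but the body calls `url_for`, a name that nothing visible in this diff defines, so the first call would raise NameError; the signature should read `def _ap_self_id(self, url_for, our_username):`. When the `fediverse` setting is unset, `_ap_self` hands None to `_parse_username`, whose handling of None is outside this diff; both hooks are registered with `authenticated` set to False, so confirm that path returns cleanly for anonymous callers. Neither helper has a docstring; `"""Return (username, instance) parsed from the bot's fediverse setting."""` on `_ap_self`, and a matching one-liner on `_ap_self_id` saying it returns an absolute https URL, would be enough.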
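Review bot: The unchanged `"aliases": [location],` line at the end of the webfinger hunk still reads `location`, whose assignment this hunk removes in favour of `self_id`, so a matching webfinger request would raise NameError; the line should become `"aliases": [self_id],`. The `write_json` call runs past the end of the hunk, so any entry in the links list that used `location` (not visible here) needs the same rename.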
@@ -164,3 +171,34 @@ class Module(ModuleManager.BaseModule):
 }],
 "subject": resource
 })
+ @utils.hook("api.get.ap-user")
+ @utils.kwarg("authenticated", False)
+ def ap_user(self, event):
+ our_username, our_instance = self._ap_self()
+ username = event["params"].get("u", None)
+ if username and username == our_username:
+ self_id = self._ap_self._id(event["url_for"], our_username)
+ inbox = event["url_for"]("api", "ap-inbox", {"u": our_username})
+
+ cert_filename = self.bot.config["tls-certificate"]
+ with open(cert_filename) as cert_file:
+ cert = cert_file.read()
+
+ event["response"].content_type = ("application/ld+json; "
+ "profile=\"https://www.w3.org/ns/activitystreams\"")
+ event["response"].write_json({
+ "@context": [
+ "https://www.w3.org/ns/activitystreams",
+ "https://w3id.org/security/v1"
+ ],
+ "id": self_id,
+ "type": "Person",
+ "preferredUsername": our_username,
+ "inbox": index,
+
+ "publicKey": {
+ "id": "%s#key" % self_id,
+ "owner": self_id,
+ "publicKeyPem": cert
+ }
+ })
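Review bot: `ap_user` cannot run as written: `self._ap_self._id(...)` should be `self._ap_self_id(...)`, and `"inbox": index` refers to an undefined name where `inbox` was assigned a few lines earlier. `inbox` is also built without the `"https://%s" %` prefix that `_ap_self_id` applies, so it would not be an absolute URL like `id`. On the key material, this unauthenticated handler writes the entire contents of the `tls-certificate` file into `publicKeyPem`; that field is meant to carry a PEM public key rather than an X.509 certificate, and if a deployment's certificate file also bundles the private key it would be served to any caller, so only the public key should be extracted, ideally once at load rather than on every request. A request whose `u` does not match falls through without writing a response in the visible code; an explicit not-found result would make that path deliberate.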