diff --git a/certidude/api/lease.py b/certidude/api/lease.py
index ef07e86..a20ea08 100644
--- a/certidude/api/lease.py
+++ b/certidude/api/lease.py
@@ -2,6 +2,7 @@
import click
import falcon
import logging
+import os
import xattr
from datetime import datetime
from certidude import config, authority, push
@@ -31,15 +32,23 @@ class LeaseDetailResource(object):
class LeaseResource(object):
@authorize_server
def on_post(self, req, resp):
- common_name = req.get_param("client", required=True)
- path, buf, cert, signed, expires = authority.get_signed(common_name) # TODO: catch exceptions
+ client_common_name = req.get_param("client", required=True)
+ path, buf, cert, signed, expires = authority.get_signed(client_common_name) # TODO: catch exceptions
if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
+ now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
xattr.setxattr(path, "user.lease.outer_address", req.get_param("outer_address", required=True).encode("ascii"))
xattr.setxattr(path, "user.lease.inner_address", req.get_param("inner_address", required=True).encode("ascii"))
- xattr.setxattr(path, "user.lease.last_seen", datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z")
- push.publish("lease-update", common_name)
+ xattr.setxattr(path, "user.lease.last_seen", now)
+ push.publish("lease-update", client_common_name)
+
+ server_common_name = req.context.get("machine")
+ path = os.path.join(config.SIGNED_DIR, server_common_name + ".pem")
+ xattr.setxattr(path, "user.lease.outer_address", "")
+ xattr.setxattr(path, "user.lease.inner_address", "%s" % req.context.get("remote_addr"))
+ xattr.setxattr(path, "user.lease.last_seen", now)
+ push.publish("lease-update", server_common_name)
# client-disconnect is pretty much unusable:
# - Android Connect Client results "IP packet with unknown IP version=2" on gateway
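Review bot: The new server-side lease write at `path = os.path.join(config.SIGNED_DIR, server_common_name + ".pem")` builds a filesystem path directly from the common name of the presenting TLS certificate, while the client lookup a few lines above goes through `authority.get_signed()`; unless the authority rejects path separators in CNs at signing time, a CN containing `/` or `..` would resolve outside SIGNED_DIR, and a missing file becomes an unhandled OSError from `xattr.setxattr`. Using the same helper keeps both lookups consistent and stops `path` being rebound away from the client certificate: `server_path, _, _, _, _ = authority.get_signed(server_common_name)`, with whatever exception handling the existing TODO ends up adding. The server values are also written as str (`""` and `"%s" % req.context.get("remote_addr")`) whereas the client addresses are `.encode("ascii")`'d on the lines above; if the xattr binding requires bytes these calls raise TypeError, so encode them the same way. `req.context.get("remote_addr")` may be None, in which case the literal string "None" is stored as the inner address, so guard that case rather than formatting it blindly. on_post continues past the end of the hunk.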
diff --git a/certidude/auth.py b/certidude/auth.py
index 7d74a8d..e57208d 100644
--- a/certidude/auth.py
+++ b/certidude/auth.py
@@ -199,6 +199,7 @@ def authorize_server(func):
for extension in cert["tbs_certificate"]["extensions"]:
if extension["extn_id"].native == "extended_key_usage":
if "server_auth" in extension["extn_value"].native:
+ req.context["machine"] = cert.subject.native["common_name"]
return func(resource, req, resp, *args, **kwargs)
logger.info("TLS authenticated machine '%s' not authorized to access administrative API", cert.subject.native["common_name"])
raise falcon.HTTPForbidden("Forbidden", "Machine not authorized to perform the operation")
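Review bot: The new `req.context["machine"]` assignment carries no comment, and the value is consumed in another module (lease.py builds a file name under SIGNED_DIR from it), so a reader here cannot tell what contract the key has; add `# CN of the TLS-authenticated server certificate (EKU server_auth); lease.py uses it as a file name under SIGNED_DIR` above the line. The same `cert.subject.native["common_name"]` lookup already appears on the log line below, so a KeyError on a certificate without a CN is pre-existing rather than introduced here. authorize_server starts outside the hunk.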
diff --git a/certidude/static/views/lease.html b/certidude/static/views/lease.html
index e9d2835..2795e77 100644
--- a/certidude/static/views/lease.html
+++ b/certidude/static/views/lease.html
@@ -2,5 +2,7 @@
Last seen
at
-{{ certificate.lease.inner_address }}.
+{{ certificate.lease.inner_address }}{% if certificate.lease.outer_address %}
+from
+{{ certificate.lease.outer_address }}{% endif %}.
diff --git a/certidude/static/views/status.html b/certidude/static/views/status.html
deleted file mode 100644
index 6fe2ad1..0000000
--- a/certidude/static/views/status.html
+++ /dev/null
@@ -1,17 +0,0 @@
-
- {% if certificate.lease %}
-
- {% if certificate.lease.age > session.authority.lease.offline %}
- Last seen
- at {{ certificate.lease.inner_address }}
- {% else %}
- Online since at
- {{ certificate.lease.inner_address }}
- {% endif %}
- via
- {{ certificate.lease.outer_address }}
- {% endif %}
-