diff --git a/server/irc.go b/server/irc.go
index 1112eadb..37966a37 100644
--- a/server/irc.go
+++ b/server/irc.go
@@ -22,9 +22,9 @@ func reconnectIRC() {
 			i.Password = server.Password
 			i.Realname = server.Realname
 
-			if user.Certificate != nil {
+			if cert := user.GetCertificate(); cert != nil {
 				i.TLSConfig = &tls.Config{
-					Certificates: []tls.Certificate{*user.Certificate},
+					Certificates: []tls.Certificate{*cert},
 				}
 			}
 
diff --git a/server/websocket_handler.go b/server/websocket_handler.go
index 1ce85cbb..136fe891 100644
--- a/server/websocket_handler.go
+++ b/server/websocket_handler.go
@@ -105,9 +105,9 @@ func (h *wsHandler) connect(b []byte) {
 		i.Password = data.Password
 		i.Realname = data.Realname
 
-		if h.session.user.Certificate != nil {
+		if cert := h.session.user.GetCertificate(); cert != nil {
 			i.TLSConfig = &tls.Config{
-				Certificates: []tls.Certificate{*h.session.user.Certificate},
+				Certificates: []tls.Certificate{*cert},
 			}
 		}
 
diff --git a/storage/user.go b/storage/user.go
index 5c4a66b2..08a4a0e9 100644
--- a/storage/user.go
+++ b/storage/user.go
@@ -41,11 +41,11 @@ type Message struct {
 }
 
 type User struct {
-	UUID        string
-	Certificate *tls.Certificate `json:"-"`
+	UUID string
 
 	messageLog   *bolt.DB
 	messageIndex bleve.Index
+	certificate  *tls.Certificate
 	lock         sync.Mutex
 }
 
diff --git a/storage/user_cert.go b/storage/user_cert.go
index 069e0309..13d95353 100644
--- a/storage/user_cert.go
+++ b/storage/user_cert.go
@@ -12,13 +12,21 @@ var (
 	ErrCouldNotSaveCert = errors.New("Could not save certificate")
 )
 
+func (u *User) GetCertificate() *tls.Certificate {
+	u.lock.Lock()
+	cert := u.certificate
+	u.lock.Unlock()
+
+	return cert
+}
+
 func (u *User) SetCertificate(certPEM, keyPEM []byte) error {
 	cert, err := tls.X509KeyPair(certPEM, keyPEM)
 	if err != nil {
 		return ErrInvalidCert
 	}
 	u.lock.Lock()
-	u.Certificate = &cert
+	u.certificate = &cert
 	u.lock.Unlock()
 
 	err = os.MkdirAll(Path.User(u.UUID), 0700)
@@ -55,6 +63,6 @@ func (u *User) loadCertificate() error {
 		return err
 	}
 
-	u.Certificate = &cert
+	u.certificate = &cert
 	return nil
 }