Hi,
that’s a hardcoded value following typical recommendations. AFAIK thanks to RHEL5 boundaries we’ve lowered this from 30 to 15 years. That was before we’ve invented the CA proxy and automated certificate renewal by clients who trust each other already.
If you really need a different duration, you need to manage the certificates outside of Icinga and generate your own. There’s a discussion topic for this here: Own CA for Icinga Cluster/API communication?
Cheers,
Michael