diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf
index a6ecdd4c3..379cc514d 100644
--- a/salt/ca/files/signing_policies.conf
+++ b/salt/ca/files/signing_policies.conf
@@ -10,7 +10,7 @@ x509_signing_policies:
 - keyUsage: "digitalSignature, nonRepudiation"
 - subjectKeyIdentifier: hash
 - authorityKeyIdentifier: keyid,issuer:always
- - days_valid: 3000
+ - days_valid: 820
 - copypath: /etc/pki/issued_certs/
 registry:
 - minions: '*'
@@ -23,7 +23,7 @@ x509_signing_policies:
 - keyUsage: "critical keyEncipherment"
 - subjectKeyIdentifier: hash
 - authorityKeyIdentifier: keyid,issuer:always
- - days_valid: 3000
+ - days_valid: 820
 - copypath: /etc/pki/issued_certs/
 masterssl:
 - minions: '*'
@@ -36,7 +36,7 @@ x509_signing_policies:
 - keyUsage: "critical keyEncipherment"
 - subjectKeyIdentifier: hash
 - authorityKeyIdentifier: keyid,issuer:always
- - days_valid: 3000
+ - days_valid: 820
 - copypath: /etc/pki/issued_certs/
 influxdb:
 - minions: '*'
@@ -49,7 +49,7 @@ x509_signing_policies:
 - keyUsage: "critical keyEncipherment"
 - subjectKeyIdentifier: hash
 - authorityKeyIdentifier: keyid,issuer:always
- - days_valid: 3000
+ - days_valid: 820
 - copypath: /etc/pki/issued_certs/
 fleet:
 - minions: '*'
@@ -62,5 +62,5 @@ x509_signing_policies:
 - keyUsage: "critical keyEncipherment"
 - subjectKeyIdentifier: hash
 - authorityKeyIdentifier: keyid,issuer:always
- - days_valid: 3000
+ - days_valid: 820
 - copypath: /etc/pki/issued_certs/
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 841fc32ff..134cee9a0 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -25,7 +25,7 @@ m2cryptopkgs:
 - public_key: /etc/pki/influxdb.key
 - CN: {{ master }}
 - days_remaining: 0
- - days_valid: 3650
+ - days_valid: 820
 - backup: True
 - managed_private_key:
 name: /etc/pki/influxdb.key
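Review bot: In salt/ca/files/signing_policies.conf the registry, masterssl, influxdb and fleet policies still carry `- minions: '*'` (context lines of the hunks at -10, -23, -36 and -49), so the shorter lifetime limits how long a wrongly issued certificate stays valid but not which minions may request one. If the deployment allows it, narrowing each policy to the minions that actually need that certificate would complement this change; the right target pattern depends on minion naming that the diff does not show. The five `days_valid: 820` lines would also benefit from a comment recording why that value was chosen, for example `# 820 days: below the 825-day maximum some TLS clients enforce`, assuming that is the motivation. The policy blocks begin outside the hunks.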
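Review bot: In salt/ssl/init.sls each certificate state keeps `- days_remaining: 0` next to the new `- days_valid: 820` (the hunk at -25 and the six that follow, at -42, -75, -90, -103, -112 and -135). As far as I read the Salt x509 state documentation, a value of 0 disables automatic renewal, so these certificates would now expire after a little over two years with no highstate run reissuing them, and certificates already issued with the old 3650-day lifetime would presumably be left as they are. A non-zero threshold such as `- days_remaining: 30` (the exact value is for the maintainers to choose) would let the state recreate the certificate before it lapses. The state bodies start outside the hunks.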
@@ -42,7 +42,7 @@ m2cryptopkgs:
 - public_key: /etc/pki/filebeat.key
 - CN: {{ master }}
 - days_remaining: 0
- - days_valid: 3650
+ - days_valid: 820
 - backup: True
 - managed_private_key:
 name: /etc/pki/filebeat.key
@@ -75,7 +75,7 @@ fbcrtlink:
 - public_key: /etc/pki/registry.key
 - CN: {{ master }}
 - days_remaining: 0
- - days_valid: 3650
+ - days_valid: 820
 - backup: True
 - managed_private_key:
 name: /etc/pki/registry.key
@@ -90,7 +90,7 @@ fbcrtlink:
 - public_key: /etc/pki/masterssl.key
 - CN: {{ master }}
 - days_remaining: 0
- - days_valid: 3650
+ - days_valid: 820
 - backup: True
 - managed_private_key:
 name: /etc/pki/masterssl.key
@@ -103,7 +103,7 @@ fbcrtlink:
 - CN: {{ master }}
 - bits: 4096
 - days_remaining: 0
- - days_valid: 3650
+ - days_valid: 820
 - backup: True
 /etc/pki/fleet.crt:
@@ -112,7 +112,7 @@ fbcrtlink:
 - CN: {{ master }}
 - subjectAltName: DNS:{{ master }},IP:{{ masterip }}
 - days_remaining: 0
- - days_valid: 3650
+ - days_valid: 820
 - backup: True
 - managed_private_key:
 name: /etc/pki/fleet.key
@@ -135,7 +135,7 @@ fbcertdir:
 - public_key: /opt/so/conf/filebeat/etc/pki/filebeat.key
 - CN: {{ master }}
 - days_remaining: 0
- - days_valid: 3650
+ - days_valid: 820
 - backup: True
 - managed_private_key:
 name: /opt/so/conf/filebeat/etc/pki/filebeat.key
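Review bot: The literal `820` is now written into seven separate states in salt/ssl/init.sls (the hunks at -25 through -135), on top of the five policies in signing_policies.conf, so the next lifetime change has to find and edit every copy again. Since this file is already rendered through Jinja (`{{ master }}`), a single definition such as `{% set cert_days_valid = 820 %}` near the top, used as `- days_valid: {{ cert_days_valid }}`, would keep the states in step. The top of the file is outside the diff, so where its other variables are set is an assumption.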