In my previous job as a hired consultant I generally wanted the Lync/Skype for Business servers to have certificates lasting beyond the two year default validity period. Why? Because I, along with the customer, would consider a Lync or Skype for Business solution to have a horizon stretching beyond two years – and therefore issuing a certificate that would expire only after two years would be meaningless.
There are a few things more to this than just creating a template that will allow you to issue a certificate with more than 2 years validity, like the default web server template. While setting up a CA in an external test environment I had to revisit this subject and it had me searching for Jeff Guillet’s nice article on the matter:
With just these few and simple steps you can easily control the validity of certificates by adjusting the templates accordingly.
All credits to Jeff!