Certificate life cycle

I want to accelerate every Ziti identity’s life cycle (i.e., identity, router, controller) to ensure everything works smoothly. Identity and router enrollments seem to default to 365d. Which controller options should I set to bring the pain forward on potential certificate life cycle issues?

I know clients and routers can extend their identity expiry by requesting a new cert, and I’ve already set up auto-renewal for the controller’s server certs.