Hmmm, but what if for some reason you need less than that? Well, that's where the adventure begins...
First you need to find where the certificate templates are stored. In the case of Enterprise CA it is the following path in Active Directory configuration partition:
CN=Certificate Templates,CN=Public Key Services,CN=Services.
So you open it with your tool of choice, quickly find your template by name; look at the attributes and... WTF? It's binary!
Now it's RTFM time.
MSDN says: "The attribute is an 8-byte octet string that initializes the FILETIME structure". That's nothing new, FILETIME is widely used in Active Directory, but usually it's not OCTETSTRING, but LARGEINTEGER and these "
FF FF FF" look suspicious, just because the value cannot be too large or negative - that contradicts the semantics of the Period-value.
The thing is: the attribute for some reason actually keeps negative FILETIME value and this fact has to be taken into account when working with such attributes.
The script below will help you to set the necessary value (in minutes) and takes two parameters: the actual name of the certificate template in question (caution: not the display name) and the validity interval in minutes.