I'm just searching the same, but the other direction, because what happens in a few months, when Chrome reports certificate errors when a certificate is created after september 1st and is valid longer than 398 days?
ESXi host certificates are created with a 5 year certificate, this i can configure:
vpxd.certmgmt.certs.daysValid
But the machine certificate will be issued with 2 years, here i didn't found a way to configure this.