The default validity time for the self-signed Token Signing Certificate is 365 days (not 30).
- I am not sure of the maximum value. I have seen customers with 3 years (that's the longest I have seen being used, but it is not the longest accepted value)
- The Token Signing Certificate (the cert required to create the trust) is a farm certificate. It is the same pair of keys on every nodes.
- The command is taking effect only for the next certificate generation cycle.