diff --git a/docs/administration.rst b/docs/administration.rst index 9f377119..df027f70 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -172,6 +172,17 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c PUBLIC_CA_MAX_VALIDITY_DAYS = 365 +.. data:: INTERNAL_CA_MAX_VALIDITY_DAYS + :noindex: + Use this config to override the limit of 365 days of validity for certificates issued by internal CA. Any CA which is + not listed in PUBLIC_CA_AUTHORITY_NAMES will be treated as internal. Below example overrides the default validity of + 365 days and sets it to 90 days. + + :: + + INTERNAL_CA_MAX_VALIDITY_DAYS = 90 + + .. data:: DEBUG_DUMP :noindex: diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py index 9f9d4686..e77c6456 100644 --- a/lemur/authorities/schemas.py +++ b/lemur/authorities/schemas.py @@ -110,6 +110,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema): cn = fields.String() not_after = fields.DateTime() not_before = fields.DateTime() + max_issuance_date = fields.DateTime() owner = fields.Email() status = fields.Boolean() user = fields.Nested(UserNestedOutputSchema) @@ -135,6 +136,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema): owner = fields.Email() plugin = fields.Nested(PluginOutputSchema) active = fields.Boolean() + authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_date"]) authority_update_schema = AuthorityUpdateSchema() diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py index 58630ee6..9ea45409 100644 --- a/lemur/certificates/models.py +++ b/lemur/certificates/models.py 
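Review bot: `only=["max_issuance_date"]` on the new `authority_certificate` field of `AuthorityNestedOutputSchema` serializes just that one date, while the template hunks in this same commit still bind `min-date` to `certificate.authority.authorityCertificate.notBefore`; if this nested schema is what backs `certificate.authority` on that page, `notBefore` will be missing and the picker loses its lower bound. Either widen it to `only=["not_before", "max_issuance_date"]` or confirm the page loads the root certificate from another endpoint. The enclosing class starts before this hunk, so it is not visible whether `authority_certificate` is populated by a relationship of the same name on the model.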
@@ -311,6 +311,16 @@ class Certificate(db.Model):
 def validity_range(self):
 return self.not_after - self.not_before
+ @property
+ def max_issuance_date(self):
+ public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
+ if self.name.lower() in [ca.lower() for ca in public_CA]:
+ default_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
+ else:
+ default_validity_days = current_app.config.get("INTERNAL_CA_MAX_VALIDITY_DAYS", 365) # 1 Year
+ issuance_validity_days = min(abs(self.not_after - arrow.utcnow()).days, default_validity_days)
+ return arrow.utcnow().shift(days=issuance_validity_days)
+
 @property
 def subject(self):
 return self.parsed_cert.subject
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index 027add0f..47de640e 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -154,7 +154,7 @@ is-open="popup1.opened"
 datepicker-options="dateOptions"
 close-text="Close"
- max-date="certificate.authority.authorityCertificate.notAfter"
+ max-date="certificate.authority.authorityCertificate.maxIssuanceDate"
 min-date="certificate.authority.authorityCertificate.notBefore"
 alt-input-formats="altInputFormats"
 placeholder="Start Date"
@@ -174,7 +174,7 @@ is-open="popup2.opened"
 datepicker-options="dateOptions"
 close-text="Close"
- max-date="certificate.authority.authorityCertificate.notAfter"
+ max-date="certificate.authority.authorityCertificate.maxIssuanceDate"
 min-date="certificate.authority.authorityCertificate.notBefore"
 alt-input-formats="altInputFormats"
 placeholder="End Date"
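Review bot: The `abs()` in `issuance_validity_days = min(abs(self.not_after - arrow.utcnow()).days, default_validity_days)` turns a negative remaining lifetime into a positive one, so for a root certificate that has already expired `max_issuance_date` lands after `not_after` and the picker still offers issuance dates past the CA's own expiry; `issuance_validity_days = min(max((self.not_after - arrow.utcnow()).days, 0), default_validity_days)` keeps the cap at the CA's expiry. The public-CA branch compares `self.name`, this certificate's own name, against `PUBLIC_CA_AUTHORITY_NAMES`, which the documentation hunk describes as a list of CA (authority) names; unless a root certificate is always named like its authority the branch may never match and the 365-day internal default silently applies, so confirm this against the name the existing server-side validity check matches. Since this property only feeds a client-side bound, the server-side validator presumably remains the enforcement point and should agree with it. A docstring would help here, e.g. `"""Latest not_after a certificate issued under this root may be given: now plus the configured maximum validity, capped at this certificate's own expiry."""`. The enclosing `Certificate` class starts before this hunk.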