diff --git a/doc-Service-Telemetry-Framework/assemblies/assembly_advanced-features.adoc b/doc-Service-Telemetry-Framework/assemblies/assembly_advanced-features.adoc index 27f88bf1..92ae6afb 100644 --- a/doc-Service-Telemetry-Framework/assemblies/assembly_advanced-features.adoc +++ b/doc-Service-Telemetry-Framework/assemblies/assembly_advanced-features.adoc @@ -45,6 +45,12 @@ include::../modules/proc_creating-an-alert-route-with-templating-in-alertmanager //SNMP Traps include::../modules/proc_configuring-snmp-traps.adoc[leveloffset=+1] +//TLS Certificates duration +ifdef::include_when_13,include_when_17[] +include::../modules/con_tls-certificates-duration.adoc[leveloffset=+1] +include::../modules/proc_configuring-tls-certificates-duration.adoc[leveloffset=+2] +endif::include_when_13,include_when_17[] + //High availability include::../modules/con_high-availability.adoc[leveloffset=+1] include::../modules/proc_configuring-high-availability.adoc[leveloffset=+2] diff --git a/doc-Service-Telemetry-Framework/modules/con_tls-certificates-duration.adoc b/doc-Service-Telemetry-Framework/modules/con_tls-certificates-duration.adoc new file mode 100644 index 00000000..a804b4ad --- /dev/null +++ b/doc-Service-Telemetry-Framework/modules/con_tls-certificates-duration.adoc 
@@ -0,0 +1,65 @@ +[id="tls-certificates-duration_{context}"] += Configuring the duration for the TLS certificates + +[role="_abstract"] +To configure the duration of the TLS certificates that you use for the connections with +Elasticsearch and {MessageBus} in {Project} ({ProjectShort}), +modify the `ServiceTelemetry` object and configure the `certificates` parameters. + +[id="configuration-parameters-for-tls-certificates-duration_{context}"] +== Configuration parameters for the TLS certificates + +You can configure the duration of the certificate with the following sub-parameters of the `certificates` parameter: + +endpointCertDuration:: The requested 'duration' or lifetime of the endpoint Certificate. +Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. +The default value is `70080h`. +caCertDuration:: The requested 'duration' or lifetime of the CA Certificate. +Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. +Default value is `70080h`. + +NOTE:: The default duration of certificates is long, because you usually copy a subset of them in the {OpenStack} deployment when the certificates renew. For more information about the QDR CA Certificate renewal process, see xref:assembly-renewing-the-amq-interconnect-certificate_assembly[] + +The `certificates` parameter for Elasticsearch is part of the `backends.events.elasticsearch` definition and is configured in the `ServiceTelemetry` object: + +[source,yaml,options="nowrap"] +---- +apiVersion: infra.watch/v1beta1 +kind: ServiceTelemetry +metadata: + name: default + namespace: service-telemetry +spec: +... + backends: + ... + events: + elasticsearch: + enabled: true + version: 7.16.1 + certificates: + endpointCertDuration: 70080h + caCertDuration: 70080h +... 
+---- + +You can configure the `certificates` parameter for QDR that is part of the `transports.qdr` definition in the `ServiceTelemetry` object: + +[source,yaml,options="nowrap"] +---- +apiVersion: infra.watch/v1beta1 +kind: ServiceTelemetry +metadata: + name: default + namespace: service-telemetry +spec: +... + transports: + ... + qdr: + enabled: true + certificates: + endpointCertDuration: 70080h + caCertDuration: 70080h +... +---- diff --git a/doc-Service-Telemetry-Framework/modules/proc_configuring-tls-certificates-duration.adoc b/doc-Service-Telemetry-Framework/modules/proc_configuring-tls-certificates-duration.adoc new file mode 100644 index 00000000..74c48b7d --- /dev/null +++ b/doc-Service-Telemetry-Framework/modules/proc_configuring-tls-certificates-duration.adoc @@ -0,0 +1,54 @@ +[id="configuring-tls-certificates-duration_{context}"] += Configuring TLS certificates duration + +[role="_abstract"] +To configure the duration of the TLS certificates to use with {Project} ({ProjectShort}), modify the `ServiceTelemetry` object and configure the `certificates` parameter. + +.Prerequisites + +* You didn't deploy an instance of Service Telemetry Operator already. + +NOTE:: When you create the `ServiceTelemetry` object, the required certificates and their secrets for {ProjectShort} are also created. +For more information about how to modify the certificates and the secrets, see: xref:assembly-renewing-the-amq-interconnect-certificate_assembly[] +The following procedure is valid for new {ProjectShort} deployments. + +.Procedure + +To edit the duration of the TLS certificates, you can set the Elasticsearch `endpointCertDuration`, for example `26280h` for 3 years, and set the QDR `caCertDuration`, for example `87600h` for 10 years. +You can use the default value of 8 years for the CA certificate for Elasticsearch and endpoint certificate: ++ +[source,yaml,options="nowrap",role="white-space-pre"] +---- +$ oc apply -f - <
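Review bot: In con_tls-certificates-duration.adoc, the line starting `NOTE::` uses a double colon, which AsciiDoc parses as a description-list term, so it continues the `caCertDuration::` list instead of rendering an admonition. Use `NOTE:` with a single colon or a `[NOTE]` block, and end the xref sentence with a period. In the two parameter descriptions, it would help to say that `h` is the largest unit Go's time.ParseDuration accepts, so readers do not try day or year suffixes, and to make the default wording consistent ("The default value is" versus "Default value is"). The abstract names {MessageBus} while the rest of the module says QDR; pick one term.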
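Review bot: In proc_configuring-tls-certificates-duration.adoc, the prerequisite "You didn't deploy an instance of Service Telemetry Operator already" does not match the note beneath it, which ties creation of the certificates and secrets to creating the `ServiceTelemetry` object. State the prerequisite in terms of that object, for example "You have not yet created a `ServiceTelemetry` object". Under .Procedure the text is a plain paragraph rather than a list item, so the `+` continuation before the source block has nothing to attach to; make it a numbered step (`. To edit the duration ...`). The block is tagged `[source,yaml]` but opens with `$ oc apply -f -`, so a shell language tag fits better. `NOTE::` in this file should be `NOTE:` so that it renders as an admonition, and the sentence about the 8-year default should say explicitly which certificates keep it, since "the CA certificate for Elasticsearch and endpoint certificate" can be read more than one way.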