diff --git a/vault/expiration.go b/vault/expiration.go
index 2388c1c19d0d..2175784b2f9a 100644
--- a/vault/expiration.go
+++ b/vault/expiration.go
@@ -768,14 +768,14 @@ func (m *ExpirationManager) RenewToken(req *logical.Request, source string, toke
 // framework.LeaseExtend call against the request. Also, cap period value to
 // the sys/mount max value.
 if resp.Auth.Period > sysView.MaxLeaseTTL() {
-retResp.AddWarning(fmt.Sprintf("Period of %s is greater than current mount/system default of %s, value will be truncated.", resp.Auth.TTL, sysView.MaxLeaseTTL()))
+retResp.AddWarning(fmt.Sprintf("Period of %d seconds is greater than current mount/system default of %d seconds, value will be truncated.", int64(resp.Auth.TTL.Seconds()), int64(sysView.MaxLeaseTTL().Seconds())))
 resp.Auth.Period = sysView.MaxLeaseTTL()
 }
 resp.Auth.TTL = resp.Auth.Period
 case resp.Auth.TTL > time.Duration(0):
 // Cap TTL value to the sys/mount max value
 if resp.Auth.TTL > sysView.MaxLeaseTTL() {
-retResp.AddWarning(fmt.Sprintf("TTL of %s is greater than current mount/system default of %s, value will be truncated.", resp.Auth.TTL, sysView.MaxLeaseTTL()))
+retResp.AddWarning(fmt.Sprintf("TTL of %d seconds is greater than current mount/system default of %d seconds, value will be truncated.", int64(resp.Auth.TTL.Seconds()), int64(sysView.MaxLeaseTTL().Seconds())))
 resp.Auth.TTL = sysView.MaxLeaseTTL()
 }
 }
diff --git a/vault/token_store.go b/vault/token_store.go
index 51dbf3e645f8..0f6e00d28bf3 100644
--- a/vault/token_store.go
+++ b/vault/token_store.go
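Review bot: The Period branch's warning still reports the wrong value: the guard and the message text are about `resp.Auth.Period`, but the first `+` line formats `int64(resp.Auth.TTL.Seconds())`, carried over from the removed line, so the operator reads the token's TTL in a message that claims to state its period. Change the first argument to `int64(resp.Auth.Period.Seconds())`; the second warning in the TTL branch already formats the value it checks. The matching cap added in vault/token_store.go formats `periodToUse` itself, so only this site needs the fix. RenewToken begins and ends outside the hunk.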
@@ -1893,6 +1893,12 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque
 sysView := ts.System()
 if periodToUse > 0 {
+// Cap period value to the sys/mount max value; this matches behavior
+// in expiration manager for renewals
+if periodToUse > sysView.MaxLeaseTTL() {
+resp.AddWarning(fmt.Sprintf("Period of %d seconds is greater than current mount/system default of %d seconds, value will be truncated.", int64(periodToUse.Seconds()), int64(sysView.MaxLeaseTTL().Seconds())))
+periodToUse = sysView.MaxLeaseTTL()
+}
 te.TTL = periodToUse
 } else {
 // Set the default lease if not provided, root tokens are exempt