TSS0472E INVALID PRIVATE KEY SIZE when TSS GENCERTing certificates with a KEYSIZE of 2048

Article ID: 16110

Updated On:

Products

Top Secret
Top Secret - LDAP

Issue/Introduction

A TSS GENCERT of a certificate with a KEYSIZE of 2048 fails with the error message:

TSS0472E INVALID PRIVATE KEY SIZE



I am trying to generate a temp certificate with keysize 2048/RSA and a Subject Alternative Name of DOMAIN=<DOMAIN>, but I get an error telling me that I specified an invalid keysize? Note: This certificate will later be used as input to a GENREQ.

(error message)
TSS GENCERT(CERTSITE) DIGICERT(<DOMAIN>) SUBJECTN('O="<ORGNAME>" CN="<DOMAIN>" OU="<ORGUNITNAME>" C="<COUNTRYNAME>"') LABLCERT('<DOMAIN>') KEYUSAGE(HANDSHAKE) KEYSIZE(2048) ALTNAME(DOMAIN=<DOMAIN>)
TSS0472E INVALID PRIVATE KEY SIZE
TSS0301I GENCERT FUNCTION FAILED, RETURN CODE = 4

Environment

Release:
Component: TSSMVS

Resolution

Set the CA Top Secret control option MAXKEYSIZE to 2048, and make sure that RO84901 is applied.