TSS GENCERT(CERTSITE) DIGICERT(CEMCERT) SIGNWITH(CERTAUTH,SYS5TSS) SUBJECTN('C=US, O=CA, CN=mvsde29.lvn.broadcom.net')
KEYUSAGE('CERTSIGN DOCSIGN') KEYSIZE(4096)
TSS0472E INVALID PRIVATE KEY SIZE
Release : 16.0
Component : CA Top Secret for z/OS
KEYSIZE 4096 is supported by certain key types which is mentioned in the manual.
The signing cert also needs to have keysize of 4096.
If the keysize of the signing cert is not 4096, you will either need to use and existing one already out there or create a new one.