I couldn’t mark your answer as solution since I had posted my question in the feature category… now I have changed the category and marked your answer as solution…
My keys (including the certificate authority!) are either 4096 bit long or created by elliptic curve cryptography (using the secp521r1 curve)… I don’t know whether it would be possible to implement an key size option in nethserver. . I tried several things but it didn’t work… in particular, the key of the certificate authority (which is 2048 bits) was extremely difficult to change… it appears to be in some template (when I changed it manually (in /etc/pki/tls without renaming it), it suddenly restores itself (probably when using a signal-event command…).
And when I renamed the manually generated key, I wasn’t able to sign certificates automatically with the right new key (I changed, of course, the paths to the key in all files that obviously have something to do with this signment… probably I oversaw one…).
hence, I don’t know how complicated such an option would be to implement and whether someone is interested in it…!?