You can't create the csr in the device for 4096, but you can create the csr/private key detail offline, submit that to the CA, and import the resulting certificate through the certificate import interface in which the cert & private key are separate files
