So my question is, why is keytool not recognizing the keysize option?
Well, what it should do is report an error because -keysize does not make any sense in the -certreq subcommand. Instead, it just silently ignores it. You probably are just recreating a CSR from your original old server key.
If you want to generate a new certificate request you must do it in two steps:
1) Generate a new keypair using the -genkeypair subcommand. With this subcommand you may specify a key size (-keysize) and an alias (-alias), and you must also specify the distinguished name that will appear in the CSR.
2) Generate the CSR with the -certreq subcommand and the same alias specified in 1.
Nice to meet you.
how do I do my own kindle-like thing - without amazon