SQL Server 2019: master db -- How to recreate ##MS_SchemaSigningCertificate in 2048 bits. VA1223


The new SQL Vulnerability assessments are flagging our database with "VA1223: Certificate keys should use at least 2048 bits" (FedRAMP Benchmark).

https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules?view=azuresql

I've run:

SELECT name, issuer_name, cert_serial_number, subject, thumbprint FROM sys.certificates
WHERE key_length < 2048

And I can see that there is exactly one cert, ##MS_SchemaSigningCertificate in the master db, that is not up to spec.

The database was upgraded from SQL 2014 to SQL 2019. I kept current with the cumulative updates and installed CU 16 (15.0.4223.1) in hopes that it would be something MS addressed, given that the security flag is relatively recent. It seems that the master DB is pretty fundamental and the cert that signed the schemas is pretty low level.

Does anyone know of a way to fix the certificate and associated keys? You can't just drop this certificate.

I've considered rebuilding the master db from SQL Setup as below; however, I wonder about unforeseen consequences of doing so.

https://learn.microsoft.com/en-us/sql/relational-databases/databases/rebuild-system-databases?view=sql-server-ver15

Thanks


There are 0 answers
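The query in the question covers only the current database. As an added example (not from the original post), the following T-SQL runs the same VA1223 check in every online database and marks system-generated certificates (names starting with ##) separately, so the finding can be scoped before any remediation is attempted. It assumes SQL Server 2017 or later for STRING_AGG and uses only documented sys.certificates columns.

```sql
-- Added example: audit certificate key lengths across all online databases.
-- Builds one batch per database with a USE statement, then executes it.
DECLARE @sql nvarchar(max);

SELECT @sql = STRING_AGG(CAST(
    N'USE ' + QUOTENAME(d.name) + N';
SELECT DB_NAME()                       AS database_name,
       c.name                          AS certificate_name,
       c.key_length,
       c.pvt_key_encryption_type_desc,
       c.expiry_date,
       -- ## prefix marks certificates SQL Server created itself; these cannot
       -- simply be dropped and recreated like user certificates.
       CASE WHEN c.name LIKE N''##%'' THEN N''system-generated''
            ELSE N''user'' END         AS origin
FROM sys.certificates AS c
WHERE c.key_length < 2048;'
    AS nvarchar(max)), NCHAR(10))
FROM sys.databases AS d
WHERE d.state_desc = N'ONLINE';

EXEC sys.sp_executesql @sql;
```

Run it as a login with VIEW DEFINITION in each database; one result set is returned per database, empty where every certificate already meets the 2048-bit bar.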