Enabling FIPS on Ubuntu 22.04 machines with the Pro client removes the RSA 1024 cipher from the host because it is not FIPS compliant. Some apt keys are sadly still signed with RSA 1024 (see here for more details), so they can't be added on FIPS-enabled Ubuntu 22.04 machines.
I've asked if maintainers could re-sign apt keys for relevant repos but haven't heard back. I worry that I'm held to the whims of the apt repo maintainers (to whom I'm thankful) if there's nothing I can do on my end.
I've tried adding the apt keys before enabling FIPS. This works, but subsequent apt updates fail, presumably because apt needs to use the keys again.
I've been looking into what ciphers were removed before and after enabling FIPS with the openssl cipher command, but I'm not sure which relevant cipher was removed or if it even makes sense to add back in.
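
An added example, not part of the original post: a shell helper that reads `gpg --with-colons` output and lists the RSA keys below a size threshold, to inventory which repository keys fall into the RSA 1024 case described above. The function names, the 2048-bit default, the keyring paths in the comment and the sample records are assumptions or constructed for illustration.

```shell
#!/bin/sh
# Flag RSA keys below a minimum size in `gpg --with-colons` output (stdin).
# Colon-format fields used here (GnuPG doc/DETAILS):
#   1 = record type (pub/sub), 3 = key length in bits,
#   4 = public-key algorithm (1, 2, 3 are RSA), 5 = key ID.
# The 2048-bit default threshold is an assumption; pass another value as $1.
weak_rsa_keys() {
    min_bits="${1:-2048}"
    awk -F: -v min="$min_bits" '
        ($1 == "pub" || $1 == "sub") && ($4 == 1 || $4 == 2 || $4 == 3) && ($3 + 0) < (min + 0) {
            printf "%s %s rsa%s\n", $1, $5, $3
        }'
}

# Constructed sample records (not real keys): two 1024-bit RSA entries,
# one 4096-bit RSA key and one Ed25519 key (algorithm 22).
SAMPLE_COLONS='pub:-:1024:1:AAAAAAAAAAAAAAAA:1300000000:::-:::scESC::::::23::0:
uid:-::::1300000000::0000000000000000000000000000000000000000::Example Repo (constructed) <repo@example.invalid>::::::::::0:
sub:-:1024:1:BBBBBBBBBBBBBBBB:1300000000::::::e::::::23:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1600000000:::-:::scESC::::::23::0:
pub:-:255:22:DDDDDDDDDDDDDDDD:1700000000:::-:::scESC:::::ed25519:::0:'

# Run the check over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_COLONS" | weak_rsa_keys 2048
}

# Against real keyrings (typical apt locations, adjust for the host):
#   for f in /etc/apt/trusted.gpg.d/*.gpg /usr/share/keyrings/*.gpg; do
#       gpg --show-keys --with-colons "$f" 2>/dev/null \
#           | weak_rsa_keys | sed "s|^|$f: |"
#   done

audit_sample
```

Each output line names the record type, key ID and size, which gives a concrete list of repositories whose maintainers would need to publish a larger key.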