Channel: Adobe Community: Message List

Re: IDENTRUS_OCSP_COMPLIANCE_FAILED

Please find the Solution to this Issue here:

 

1. TrustAssured will Reject all Unsigned OCSP requests and so you would need an OCSP Signer Credential for Signing your OCSP URL.

2. TrustAssured Policy (Based on Identrust policy) requires that the Credentials be stored in an HSM.

3. TrustAssured requires the relying party to buy a certificate (Approx. 1100 GBP / 3Years).

4. The HSM Needs to Comply with FIPS Level 3, which means it rules out storing the Signing Credential inside ALC.

 

Now to the Solution:-

 

Once you have purchased the OCSP Signer Credential and moved it to the HSM, Configure the same in Admin Console under the HSM Settings.

FIPS Settings Should be UNCHECKED in the SignatureService Configuration as well.

 

While doing a Revocation Check on the PDF signed with a TrustAssured Signature, have the Following Settings in place for OCSP Option Spec.

 

<ser:OCSPOptionSpec>
    <ser:URLtoConsultOption>UseAIAInCert</ser:URLtoConsultOption>
    <ser:allowOCSPNoCheck>true</ser:allowOCSPNoCheck><!-- This Needs to be True as well -->
    <ser:doSignRequest>true</ser:doSignRequest><!-- Set to Sign the OCSP Request -->
    <ser:ignoreValidityDates>false</ser:ignoreValidityDates>
    <ser:maxClockSkew>3</ser:maxClockSkew>
    <ser:ocspServerURL/>
    <ser:requestSignerCredentialAlias>OCSPSIGNERCREDENTIAL</ser:requestSignerCredentialAlias><!-- Credential Stored in HSM Device -->
    <ser:requireOCSPCertHash>false</ser:requireOCSPCertHash>
    <ser:responseFreshness>5</ser:responseFreshness>
    <ser:revocationCheckStyle>AlwaysCheck</ser:revocationCheckStyle>
    <ser:sendNonce>true</ser:sendNonce>
</ser:OCSPOptionSpec>

 

This would Solve your Issue with the IDENTRUS_OCSP_COMPLIANCE_FAILED Error.

 

PS: You have to Configure the Chain Certificates as well on the ALC TrustStore.

 

Cheers

 

Mahesh Krishnan
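
A pre-flight check for the OCSPOptionSpec settings described in the post above, added here as an example and not part of the original post or of any Adobe tooling. The function name, the placeholder namespace URI and the sample fragment are assumptions made for illustration; the element names and expected values are the ones shown in the post.

```python
import xml.etree.ElementTree as ET

# Values the post above calls out, keyed by element local name.
REQUIRED = {"doSignRequest": "true", "allowOCSPNoCheck": "true"}

def check_ocsp_option_spec(fragment):
    """Return a list of problems found in an OCSPOptionSpec XML fragment."""
    # The fragment uses the ser: prefix without declaring it, so bind it to a
    # placeholder namespace (an assumption) purely to make it parseable.
    wrapped = '<w xmlns:ser="urn:example:placeholder">%s</w>' % fragment
    try:
        root = ET.fromstring(wrapped)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    spec = next((e for e in root.iter() if e.tag.endswith("}OCSPOptionSpec")), None)
    if spec is None:
        return ["no OCSPOptionSpec element found"]
    # Map local element name -> trimmed text ("" for empty elements).
    values = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in spec}
    problems = []
    for name, want in REQUIRED.items():
        got = values.get(name)
        if got is None:
            problems.append("%s is missing (expected %s)" % (name, want))
        elif got.lower() != want:
            problems.append("%s is '%s' (expected %s)" % (name, got, want))
    signing = values.get("doSignRequest", "").lower() == "true"
    if signing and not values.get("requestSignerCredentialAlias"):
        problems.append("doSignRequest is true but requestSignerCredentialAlias is empty")
    return problems

# Constructed sample: request signing enabled but no signer alias, and
# allowOCSPNoCheck left out.
SAMPLE = """
<ser:OCSPOptionSpec>
    <ser:URLtoConsultOption>UseAIAInCert</ser:URLtoConsultOption>
    <ser:doSignRequest>true</ser:doSignRequest>
    <ser:requestSignerCredentialAlias/>
    <ser:sendNonce>true</ser:sendNonce>
</ser:OCSPOptionSpec>
"""

if __name__ == "__main__":
    for problem in check_ocsp_option_spec(SAMPLE) or ["OK"]:
        print(problem)
```
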

