First a big thank you to Qualys for providing the ssllabs service! It helps a lot making the internet a safer place.
Fashion website https://www.bandolera.com/ gets an A score, but fails to open in Firefox 31.0 with an OCSP error.
The reason for this OCSP error in Firefox is that Bandolera includes obsolete OCSP stapling information, and the recent Mozilla switch to "mozilla::pkix" apparently skips an online OCSP check. The OCSP stapling data currently returned by bandolera.com is time-stamped 2014-02-18 09:22:32 (UTC), while a OCSP validating certificate is included that is valid upto 2014-04-06 23:59:59 (UTC).
Note: the site opens without errors in Firefox by configuring one of the about:config settings 'security.ssl.enable_ocsp_stapling=false' or 'security.use_mozillapkix_verification=false' (returning Firefox to the old behavior).
Although I expect that it will be a lot of work, it would be nice if ssllabs.com could provide information on correctly/misconfigured OCSP stapling!
Erik van Straten
PS I did not find the issue with Bandolera myself, it was reported by a user "Serleena" (in Dutch) at Nieuwe certificaatcontrole aan Mozilla Firefox toegevoegd - Security.NL.