diff --git a/Lib/ssl.py b/Lib/ssl.py
index bfeb559f82c..96b62815853 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -365,7 +365,7 @@ def DER_cert_to_PEM_cert(der_cert_bytes):
         # preferred because older API gets line-length wrong
         f = base64.standard_b64encode(der_cert_bytes)
         return (PEM_HEADER + '\n' +
-                textwrap.fill(f, 64) +
+                textwrap.fill(f, 64) + '\n' +
                 PEM_FOOTER + '\n')
     else:
         return (PEM_HEADER + '\n' +
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 7c32c1b09f1..feb6f50eb4a 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -113,6 +113,10 @@ class BasicTests(unittest.TestCase):
         p2 = ssl.DER_cert_to_PEM_cert(d1)
         d2 = ssl.PEM_cert_to_DER_cert(p2)
         self.assertEqual(d1, d2)
+        if not p2.startswith(ssl.PEM_HEADER + '\n'):
+            self.fail("DER-to-PEM didn't include correct header:\n%r\n" % p2)
+        if not p2.endswith('\n' + ssl.PEM_FOOTER + '\n'):
+            self.fail("DER-to-PEM didn't include correct footer:\n%r\n" % p2)
 
     def test_openssl_version(self):
         n = ssl.OPENSSL_VERSION_NUMBER
diff --git a/Misc/ACKS b/Misc/ACKS
index af56dd4997b..162bf9ba83c 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -780,6 +780,7 @@ Michael Urman
 Hector Urtubia
 Andi Vajda
 Case Van Horsen
+Kyle VanderBeek
 Atul Varma
 Dmitry Vasiliev
 Alexandre Vassalotti
diff --git a/Misc/NEWS b/Misc/NEWS
index 7ba33ba12a9..929a246eaeb 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -27,6 +27,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #8086: In :func:`ssl.DER_cert_to_PEM_cert()`, fix missing newline
+  before the certificate footer.  Patch by Kyle VanderBeek.
+
 - Issue #8546: Reject None given as the buffering argument to _pyio.open.
 
 - Issue #8549: Fix compiling the _ssl extension under AIX.  Patch by