Trim whitespace before comparing certificate chains

CHANGELOG.md

@@ -132,6 +132,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - [#4393](https://github.com/apache/trafficcontrol/issues/4393) *Traffic Ops* Fixed the error code and alert structure when TO is queried for a delivery service with no ssl keys.
 - [#7590](https://github.com/apache/trafficcontrol/issues/7590) *Traffic Control Cache Config (t3c)* Fixed issue with git detected dubious ownership in repository.
 - [#7575](https://github.com/apache/trafficcontrol/pull/7575) *Traffic Ops* Fixes `types` v5 apis to respond with `RFC3339` date/time Format.
+- [#7628](https://github.com/apache/trafficcontrol/pull/7628) *Traffic Ops* Fixes an issue where certificate chain validation failed based on leading or trailing whitespace.
 
 ### Removed
 - [#7271](https://github.com/apache/trafficcontrol/pull/7271) Remove components in `infrastructre/docker/`, not in use as cdn-in-a-box performs the same functionality.

traffic_ops/traffic_ops_golang/deliveryservice/keys.go

@@ -136,7 +136,7 @@ func AddSSLKeys(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	api.WriteResp(w, r, "Successfully added ssl keys for "+*req.DeliveryService)
+	api.WriteRespAlert(w, r, tc.SuccessLevel, "Successfully added ssl keys for "+*req.DeliveryService)
 }
 
 // GetSSlKeyExpirationInformation gets expiration information for all SSL certificates.
@@ -539,6 +539,8 @@ func verifyCertKeyPair(pemCertificate string, pemPrivateKey string, rootCA strin
 		block := &pem.Block{Type: "CERTIFICATE", Bytes: link.Raw}
 		pemEncodedChain += string(pem.EncodeToMemory(block))
 	}
+	pemCertificate = strings.TrimSpace(pemCertificate)
+	pemEncodedChain = strings.TrimSpace(pemEncodedChain)
 
 	if len(pemEncodedChain) < 1 {
 		return "", "", false, false, false, errors.New("invalid empty certificate chain in request")