I seem to have discovered another scenario which is not covered by all the possible causes listed here. Inexplicably, even turning of ssl_verify had no effect and kept producing the same SSLError. set SSL_NO_VERIFY=1 also had no effect.
It turns out that this is due the REQUESTS_CA_BUNDLE variable that we have set to the standard corporate certificate bundle. It includes zscaler proxy certificates etc. and other internal CAs needed for everyday development. But apparently our internal Anaconda repository uses its own certificate that is not covered by this bundle.
I guess the only surprising part here was the precedence. I was incorrectly expecting at least the conda specific environment variable (if not the .condarc setting) to override any other implicit ones like the requests library variable.
So, a quick way to debug this in my case was to temporarily remove the requests variable while I request for the anaconda certificate to be added to the corporate bundle:
set REQUESTS_CA_BUNDLE=Of course, a better fix is to configure the individual certificate explicitly as shown in other answers:
conda config --set ssl_verify "C:\ProgramData\condaRepoCert.pem"