I asked about this in the conda-forge Gitter channel and got a response after a few days:
No worries, @ngoldbaum. So we package our certificates in a separate package called ca-certificates. They are just extracted from the certifi Python package and relocated to allow things like openssl and curl to find them. This differs from Continuum (or at least last time I checked), which has them bundled with openssl. The first thing I'd have him check is whether that package is installed and whether Python can find them, python -c "import ssl; print(ssl.get_default_verify_paths())". If the answer is no, then that is likely a problem. If the answer is yes, then maybe it has something to do with how this redirection is being handled.
So you should check to see if a package named ca-certificates is installed in your conda environment. If it is, you should also check the output of ssl.get_default_verify_paths(). If it turns out that your Python can't find the CA certificate store, that's your issue. If it turns out that Python is locating the CA certificates, then this might be due to a bug in how conda-forge or Continuum have decided to handle this issue.
Unfortunately kind of a headache. I hope you're able to figure this out :)
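The two checks described in this answer, combined into one script as an added example that is not part of the original post or of conda-forge's tooling. It assumes conda records installed packages as `<prefix>/conda-meta/<name>-<version>-<build>.json` and that `CONDA_PREFIX` points at the active environment; the function names are hypothetical.

```python
import glob
import os
import ssl
import sys


def ca_package_records(prefix):
    """conda-meta records for the ca-certificates package in this environment."""
    pattern = os.path.join(prefix, "conda-meta", "ca-certificates-*.json")
    return sorted(os.path.basename(p) for p in glob.glob(pattern))


def usable_locations(paths):
    """CA locations reported by OpenSSL that exist on disk and are non-empty."""
    found = []
    if paths.cafile and os.path.isfile(paths.cafile) and os.path.getsize(paths.cafile):
        found.append(paths.cafile)
    if paths.capath and os.path.isdir(paths.capath) and os.listdir(paths.capath):
        found.append(paths.capath)
    return found


def diagnose(prefix, paths):
    """Combine both checks into one report with a verdict."""
    locations = usable_locations(paths)
    verdict = "ca-store-found" if locations else "python-cannot-find-ca-store"
    return {
        "package_records": ca_package_records(prefix),
        "locations": locations,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Assumption: CONDA_PREFIX points at the active environment; else use sys.prefix.
    prefix = os.environ.get("CONDA_PREFIX", sys.prefix)
    paths = ssl.get_default_verify_paths()
    report = diagnose(prefix, paths)
    print("environment prefix :", prefix)
    print("ca-certificates    :", report["package_records"] or "not installed")
    print("verify paths       :", paths)
    # These environment variables override OpenSSL's compiled-in defaults.
    for var in (paths.openssl_cafile_env, paths.openssl_capath_env):
        print(f"{var:<19}:", os.environ.get(var, "(unset)"))
    print("usable locations   :", report["locations"] or "none")
    print("verdict            :", report["verdict"])
```

Run it with the environment's own interpreter; an override variable that points at a missing file shows up as an empty list of usable locations.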