The change I had to make is deep in WP. Its in wp-includes/http.php. In WP 2.7.1 its around line 1005 and I added the code:
curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, FALSE);
As the admins and I continue to research this, its starting to appear that, specially, the Windows implementation of cURL doesn't have a default location for it to find the certs like it does on *nix platforms. If that's true, then SSL with cURL would always fail unless the application programmer sets a cURL option that specifically points to a dir/file with the certs in it. We're still investigating this.