I found it sufficient to specify the pypi host as trusted. Example:
pip install --trusted-host pypi.python.org pytest-xdist
pip install --trusted-host pypi.python.org --upgrade pip
This solved the following error:
Could not fetch URL https://pypi.python.org/simple/pytest-cov/: There was a problem confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600) - skipping
Could not find a version that satisfies the requirement pytest-cov (from versions: )
No matching distribution found for pytest-cov
Update April 2018:
To anyone getting the TLSV1_ALERT_PROTOCOL_VERSION error: it has nothing to do with trusted-host/verification issue of the OP or this answer. Rather the TLSV1 error is because your interpreter does not support TLS v1.2, you must upgrade your interpreter. See for example https://news.ycombinator.com/item?id=13539034, http://pyfound.blogspot.ca/2017/01/time-to-upgrade-your-python-tls-v12.html and https://bugs.python.org/issue17128.
Update Feb 2019:
For some it may be sufficient to upgrade pip. If the above error prevents you from doing this, use get-pip.py. E.g. on Linux,
curl https://bootstrap.pypa.io/get-pip.py
sudo python get-pip.py
More details at https://pip.pypa.io/en/stable/installing/.