You could use Wireshark to dump the handshake, then convert the binary data to PEM with openssl, as suggested by @grawity in a similar question at superuser:
Sadly, wpa_supplicant doesn't have an option to dump the certificates even in debug mode. (I'll update this if I find a better way.) You can still monitor the actual EAPOL authentication process, though. First, install Wireshark.
While disconnected, bring the interface up manually and start a capture on it:
$ sudo ip link set wlan0 up
$ wireshark -ki wlan0 &
Start wpa_supplicant and soon you'll see the TLS handshake:
The server will send its certificates immediately after ServerHello. Select the first such packet, then dig into:
802.1X
└─Extensible Authentication Protocol
└─Secure Sockets Layer
└─Handshake Protocol: Certificatte
└─Certificates
Right-click the first instance of "Certificate (stuff)" and choose "Export selected packet bytes". Wireshark will save it as a file, in binary DER format. Repeat this for all other certificates. The topmost one (RADIUS server's) has information that you can configure in altsubject_match; the last one (root CA) should be given to wpa_supplicant as ca_cert.
Now you have a few *.crt or *.der files in binary DER format. Convert them to PEM "text" format:
openssl x509 -inform DER < mycert.der > mycert.pem
(If your wpa_supplicant is using OpenSSL as the TLS handler, you must give it the "root CA" certificate; giving it the server's certificate won't work.
Note that it's also possible that the last certificate seen in Wireshark won't be of a root CA, but only issued by one of the root CAs in your /etc/ssl/certs directory... If that's the case, be sure to set altsubject_match as well – using public CAs would be insecure otherwise, since 802.1X unfortunately does not know what "hostname" to verify against, the way e.g. HTTPS would.)
