In the new documentation under http://docs.graylog.org/en/3.0/pages/sidecar.html#secure-sidecar-communication.
Previously if we use a internal CA, we would put the internal CA to client instance and the sidecar would be able to trust the presented certificate signed by the internal CA for the Graylog Input. By configuring where the internal CA file is for the Beats Output configuration.
However with the new graylog, it seems this configuration is lost?