There are two options that allows you to disable the Certificate Login of the Policy Manager:
Login to the Policy Manager as Administrator and revoke the Certificate for the User in question.
Open the privileged shell on the Gateway and execute following MySQL commands (please take care that you have a valid backup before you run any of these commands against the database):
mysql ssg -e "delete from client_cert where login='login name here' limit 1;"
mysql ssg -e "update internal_user set properties=NULL where login='login name here' limit 1;"