In order to permanently remove an AP from a centrally managed WLAN infrastructure, the certificates in the SCEP client have to be either deleted or revoked.
- If you have access to the AP, the certificates are quickly deleted by resetting the device.
- If the device has been stolen and consequently needs to be removed from the WLAN infrastructure, then the certificates in the WLC's CA have to be revoked. This is done in WEBconfig by navigating to and accessing the Certificate status table. Here you delete the certificate for the MAC address of the APs which are to be removed from the WLAN infrastructure. The certificates are not actually deleted, but they are marked as expired.
Important: In case of a backup solution featuring redundant WLCs, the certificates have to be revoked in all of the WLCs!
