When you set up ebox-webserver and turn on SSL, it strongarms you into using the ebox CA to generate a certificate. After you've enabled SSL, you can't go back into the Certification Authority - Services Certificates and uncheck the Enable checkbox.
On a normal apache server:
/etc/apache2/sites-available/ holds the webserver configs.
/etc/apache2/ssl/ holds the webserver certs.
eBox with only the default virtual domain:
/etc/apache2/sites-available/default-ssl holds the SSL webserver config.
/etc/apache2/ssl/apache.pem holds the webserver cert.
So far I have not had eBox replace the cert on me (Core 1.5.7, CA 1.5.2, Webserver 1.5.3) but I also haven't reconfigured the module since then.
This might help though:
http://forum.ebox-platform.com/index.php?topic=2360.msg17011#msg17011