Pre-installed SSL certificates

Best before... Why can't devices come pre-installed with SSL certificates?

Packaging up a ready-to-go solution seems like a great idea at first. However, pre-installing SSL certificates on devices is bad for consumers, for the following reasons:

  • Each SSL certificate has an expiration date. As soon as the certificate is created, the clock starts ticking towards expiration. If a product sits on a retailer's shelf for 3 months, then the customer "loses" this time.
  • When a certificate expires, the owner needs a new signed certificate. Therefore, the product requires a mechanism that creates a new certificate and installs it when it is signed. Since this mechanism must exist for renewal, it is efficient to use it for the initial certificate too.
  • An SSL certificate includes a hostname. However, it's best if the user can choose a meaningful hostname after purchasing the product. If the company that develops the product instead uses generic domain names for the certificates, the customer will not feel a sense of ownership of the Web site.
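
The mechanism from the second bullet, used for both the first certificate and later renewals with the owner-chosen hostname from the third, sketched as an added example (not code from the original page or from any vendor). The file names, the 30-day renewal window and the use of the OpenSSL 1.1.1+ command line are assumptions.

```shell
#!/bin/sh
# Added example. File names and the renewal window are assumptions.
RENEW_BEFORE_SECS=$((30 * 24 * 3600))   # request a new cert when < 30 days remain

# Succeeds (0) when a certificate must be requested: nothing installed yet,
# an unreadable file, or an expiry date inside the renewal window.
needs_cert() {
    cert="$1"
    [ -s "$cert" ] || return 0
    # -checkend exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -in "$cert" -noout -checkend "$RENEW_BEFORE_SECS" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Generates a fresh key on the device and a CSR for the hostname the owner chose.
# Written to pending.* so the key of the currently installed cert is not clobbered.
make_csr() {
    hostname="$1"; dir="$2"
    case "$hostname" in
        ""|*[!A-Za-z0-9.-]*) echo "invalid hostname: $hostname" >&2; return 2 ;;
    esac
    ( umask 077; openssl genrsa -out "$dir/pending.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/pending.key" -subj "/CN=$hostname" \
        -addext "subjectAltName=DNS:$hostname" -out "$dir/pending.csr"
}

# Single entry point: first setup and renewal take the same path.
# Prints the CSR path when one was created; the CSR goes to the CA, and the
# signed reply is installed as device.crt together with pending.key.
enroll() {
    hostname="$1"; dir="$2"
    if needs_cert "$dir/device.crt"; then
        make_csr "$hostname" "$dir" || return $?
        echo "$dir/pending.csr"
    fi
}
```

Only the CSR leaves the device; the private key is generated locally with a restrictive umask and stays there.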