diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/KeyStoreScanner.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/KeyStoreScanner.java
index 3c4197552d4b..ab05174cab06 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/KeyStoreScanner.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/KeyStoreScanner.java
@@ -104,6 +104,17 @@ public void fileRemoved(String filename)
 reload();
 }
+ @ManagedOperation(value = "Scan for changes in the SSL Keystore", impact = "ACTION")
+ public void scan()
+ {
+ if (LOG.isDebugEnabled())
+ LOG.debug("scanning");
+
+ // TODO: why do we have to scan twice to get it to report any changes?
+ _scanner.scan();
+ _scanner.scan();
+ }
+
 @ManagedOperation(value = "Reload the SSL Keystore", impact = "ACTION")
 public void reload()
 {
diff --git a/tests/test-integration/src/test/java/org/eclipse/jetty/test/KeyStoreScannerTest.java b/tests/test-integration/src/test/java/org/eclipse/jetty/test/KeyStoreScannerTest.java
index 1b54fdefae73..7d8fc63674cc 100644
--- a/tests/test-integration/src/test/java/org/eclipse/jetty/test/KeyStoreScannerTest.java
+++ b/tests/test-integration/src/test/java/org/eclipse/jetty/test/KeyStoreScannerTest.java
@@ -24,7 +24,6 @@
 import java.security.SecureRandom;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import java.time.Duration;
 import java.util.Calendar;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.KeyManager;
@@ -57,10 +56,10 @@
 @ExtendWith(WorkDirExtension.class)
 public class KeyStoreScannerTest
 {
- private static final int scanInterval = 1;
 public WorkDir testdir;
 private Server server;
 private Path keystoreDir;
+ private KeyStoreScanner keystoreScanner;
 @BeforeEach
 public void before()
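Review bot: In the new `KeyStoreScanner.scan()` the two back-to-back `_scanner.scan()` calls are justified only by an open TODO, and the public JMX operation has no Javadoc. If the underlying scanner reports a file only once it looks unchanged across consecutive passes (not visible in this hunk, so to be confirmed), calling it twice with no delay removes that settling period, and an operator-triggered scan could reload a keystore that is still being written. Resolve the TODO into a comment along the lines of `// the scanner reports a change on the second pass; finish writing the keystore before calling scan()`, and add a Javadoc sentence saying when the operation is safe to invoke.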
@@ -99,8 +98,8 @@ public void start(Configuration configuration) throws Exception
 server.addConnector(connector);
 // Configure Keystore Reload.
- KeyStoreScanner keystoreScanner = new KeyStoreScanner(sslContextFactory);
- keystoreScanner.setScanInterval(scanInterval);
+ keystoreScanner = new KeyStoreScanner(sslContextFactory);
+ keystoreScanner.setScanInterval(0);
 server.addBean(keystoreScanner);
 server.start();
@@ -123,7 +122,7 @@ public void testKeystoreHotReload() throws Exception
 // Switch to use newKeystore which has a later expiry date.
 useKeystore("newKeystore");
- Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+ keystoreScanner.scan();
 // The scanner should have detected the updated keystore, expiry should be renewed.
 X509Certificate cert2 = getCertificateFromServer();
@@ -143,7 +142,7 @@ public void testReloadWithBadKeystore() throws Exception
 try (StacklessLogging ignored = new StacklessLogging(KeyStoreScanner.class))
 {
 useKeystore("badKeystore");
- Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+ keystoreScanner.scan();
 }
 // The good keystore is removed, now the bad keystore now causes an exception.
@@ -163,7 +162,7 @@ public void testKeystoreRemoval() throws Exception
 try (StacklessLogging ignored = new StacklessLogging(KeyStoreScanner.class))
 {
 useKeystore(null);
- Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+ keystoreScanner.scan();
 }
 // The good keystore is removed, having no keystore causes an exception.
@@ -171,7 +170,7 @@ public void testKeystoreRemoval() throws Exception
 // Switch to use keystore2 which has a later expiry date.
 useKeystore("newKeystore");
- Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+ keystoreScanner.scan();
 X509Certificate cert2 = getCertificateFromServer();
 assertThat(getExpiryYear(cert2), is(2020));
 }
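Review bot: With `keystoreScanner.setScanInterval(0)` in `start()` and every `Thread.sleep(...)` replaced by an explicit `keystoreScanner.scan()` (the hunks at -123, -143, -163, -171, -195 and -220), no test drives the interval-based scan any more, which is presumably the path a deployed server relies on to pick up a rotated certificate. Keeping one test with a non-zero interval would retain coverage of that path. The setter line would also benefit from a comment such as `// 0 = no periodic scan (assumed); the tests call scan() explicitly`. The body of `start()` begins and ends outside the hunk.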
@@ -195,7 +194,7 @@ public void testReloadChangingSymbolicLink() throws Exception
 // Change the symlink to point to the newKeystore file location which has a later expiry date.
 Files.delete(keystorePath);
 Files.createSymbolicLink(keystorePath, useKeystore("newKeystore"));
- Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+ keystoreScanner.scan();
 // The scanner should have detected the updated keystore, expiry should be renewed.
 X509Certificate cert2 = getCertificateFromServer();
@@ -220,7 +219,7 @@ public void testReloadChangingTargetOfSymbolicLink() throws Exception
 // Change the target file of the symlink to the newKeystore which has a later expiry date.
 useKeystore("newKeystore");
- Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+ keystoreScanner.scan();
 // The scanner should have detected the updated keystore, expiry should be renewed.
 X509Certificate cert2 = getCertificateFromServer();
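Review bot: In `testReloadChangingSymbolicLink` the explicit `keystoreScanner.scan()` runs only after both `Files.delete(keystorePath)` and `Files.createSymbolicLink(...)` have finished, so the scanner never observes the moment when the keystore path is missing. A timer-driven scan could land in that gap and, judging by the `fileRemoved` context in the KeyStoreScanner hunk, trigger a reload with no keystore present. A comment would make the limitation explicit, e.g. `// scan() runs after the link is recreated; the delete/create gap is not exercised here`. The test method starts and ends outside the hunk.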