Standalone ORDS installation

Introduction
1 Test environment
2 Install Java 17
3 Install ORDS
3.1 Create ords config and logs directories
3.2 Create an environment file
3.3 Create a self signed certificate
3.4 Convert the private key to DER format
3.5 Apply the environment file
3.6 Run the ords installer
4 Create ORDS startup and shutdown scripts
5 Configure firewall
6 Enable a schema for ORDS
7 Start ORDS
8 Access the ORDS url
9 Using an existing ORDS installation (e.g. for APEX)
10 Useful links

Introduction

This post explains how to install and configure ORDS in the standalone mode. Standalone mode relies on the built-in Jetty HTTP server and does not require installation of other technology stack components.

1 Test environment

I installed ORDS on top of the following technology stack:

Operating system: Oracle Linux 8
Oracle Database 19c with one pluggable database

Note: This guide also works on Oracle Linux 7, which is still common for EBS R12.2 environments. See the note in section 3.3 for an OpenSSL compatibility adjustment required on OL7.

Prerequisites: Root or sudo access is required for creating directories under /u01, setting file ownership (chown), and configuring the firewall. The ORDS installation and configuration itself runs as the applmgr user.

2 Install Java 17

Download Java SE Development Kit 17.0.12 Linux x64 Compressed Archive

cd /u01
cp /downloads/jdk-17.0.12_linux-x64_bin.tar.gz .
tar -xzvf jdk-17.0.12_linux-x64_bin.tar.gz
mv jdk-17.0.12/ jdk
chown -R applmgr.oinstall jdk
rm -f jdk-17.0.12_linux-x64_bin.tar.gz

The JDK 17 home is: /u01/jdk

3 Install ORDS

mkdir -p /u01/ords
chown -R applmgr.oinstall /u01/ords
cd /u01/ords
wget https://download.oracle.com/otn_software/java/ords/ords-latest.zip
unzip ords-latest.zip
rm -f ords-latest.zip

3.1 Create ords config and logs directories

mkdir -p /u01/ords_config
mkdir -p /u01/ords_config/logs
chown -R applmgr.oinstall /u01/ords_config

3.2 Create an environment file

su - applmgr
vi ~/ORDS.env
 
export JAVA_HOME=/u01/jdk
export ORDS_HOME=/u01/ords/
export ORDS_CONFIG=/u01/ords_config
export PATH=/u01/ords/bin:$PATH
export _JAVA_OPTIONS="-Xms1126M -Xmx1126M"

3.3 Create a self signed certificate

mkdir -p /u01/ords_config/certificates
cd /u01/ords_config/certificates
 
openssl req -x509 -newkey rsa:2048 -sha256 -days 7300 -nodes 
-keyout ords_private_key.pem -out ords_certificate.pem -subj "/CN=r122.localdomain/O=Enginatics/OU=Development" 
-addext "subjectAltName=DNS:r122.localdomain"

Oracle Linux 7 / OpenSSL 1.0.x: The -addext option requires OpenSSL 1.1.1 or later. On older systems (e.g. OL7 with OpenSSL 1.0.2), use a config file instead:

cat &gt; /tmp/ords_cert.cnf &lt;&lt; 'EOF'
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
x509_extensions = v3_req
 
[dn]
CN = r122.localdomain
O = Enginatics
OU = Development
 
[v3_req]
subjectAltName = DNS:r122.localdomain
EOF
 
openssl req -x509 -newkey rsa:2048 -sha256 -days 7300 -nodes 
-keyout ords_private_key.pem -out ords_certificate.pem 
-config /tmp/ords_cert.cnf
rm -f /tmp/ords_cert.cnf

Replace r122.localdomain with your server’s hostname in both approaches.

3.4 Convert the private key to the DER format required by ORDS installer

openssl pkcs8 -topk8 -inform PEM -outform DER -in ords_private_key.pem -out ords_private_key.der -nocrypt
openssl x509 -inform PEM -outform DER -in ords_certificate.pem -out ords_certificate.der

3.5 Apply the environment file

su - applmgr
source ~/ORDS.env

3.6 Run the ords installer

In the example below I changed protocol to HTTPS and provided the path to the self-signed certificate generated earlier.

[applmgr@r122_Local ~]$ ords --config /u01/ords_config install
 
Picked up _JAVA_OPTIONS: -Xms1126M -Xmx1126M
 
ORDS: Release 25.3 Production on Wed Oct 29 12:29:31 2025
 
Copyright (c) 2010, 2025, Oracle.
 
Configuration:
  /u01/ords_config
 
The configuration folder /u01/ords_config does not contain any configuration files.
 
Oracle REST Data Services - Interactive Install
 
  Enter a number to select the TNS net service name to use. Total TNS net service names are 12. Showing only the first 9 TNS net service names from /u01/install/APPS/fs1/inst/apps/EBSDB_apps/ora/10.1.2/network/admin/tnsnames.ora. Additional option to Specify the database connection.
    [1] EBSDB        SERVICE_NAME=ebs_EBSDB
    [2] EBSDB_BALANCE SERVICE_NAME=ebs_EBSDB
    [3] EBSDB_FO     SERVICE_NAME=ebs_EBSDB
    [4] EBSDB_FO_PATCH SERVICE_NAME=EBSDB_ebs_patch
    [5] EBSDB_PATCH  SERVICE_NAME=EBSDB_ebs_patch
    [6] FNDFS_APPLTOP_APPS SID=FNDFS
    [7] FNDFS_APPS   SID=FNDFS
    [8] FNDFS_APPS.EXAMPLE.COM SID=FNDFS
    [9] FNDFS_EBSDB_APPS SID=FNDFS
    [S] Specify the database connection
    [T] Specify the TNS net service name
  Choose [1]: 1 <-- select your TNS alias
  Provide database user name with administrator privileges.
    Enter the administrator username: sys <-- database admin user
  Enter the database password for SYS AS SYSDBA: <-- enter SYS password
 
Retrieving information.
ORDS is not installed in the database. ORDS installation is required.
 
  Enter a number to update the value or select option A to Accept and Continue
    [1] Connection Type: TNS
    [2] TNS Connection: TNS_NAME=EBSDB TNS_FOLDER=/u01/install/APPS/fs1/inst/apps/EBSDB_apps/ora/10.1.2/network/admin
           Administrator User: SYS AS SYSDBA
    [3] Database password for ORDS runtime user (ORDS_PUBLIC_USER): 
    [4] ORDS runtime user and schema tablespaces:  Default: SYSAUX Temporary TEMP
    [5] Additional Feature: Database Actions
    [6] Configure and start ORDS in Standalone Mode: Yes
    [7]    Protocol: HTTP
    [8]       HTTP Port: 8080
    [A] Accept and Continue - Create configuration and Install ORDS in the database
    [Q] Quit - Do not proceed. No changes
  Choose [A]: 7 <-- change protocol
  Enter a number to select the protocol
    [1] HTTP
    [2] HTTPS
  Choose [1]: 2 <-- select HTTPS
  Enter the HTTPS port [8443]:8443 <-- HTTPS port
  Enter a number to select the certificate type
    [1] Use self-signed certificate (generates automatically)
    [2] Use my SSL certificate (requires SSL certificate and SSL certificate private key)
  Choose [1]: 2 <-- use custom certificate
  Enter the path for the SSL Certificate: /u01/ords_config/certificates/ords_certificate.der
  Enter the path for the SSL Certificates private key: /u01/ords_config/certificates/ords_private_key.der
  Enter a number to update the value or select option A to Accept and Continue
    [1] Connection Type: TNS
    [2] TNS Connection: TNS_NAME=EBSDB TNS_FOLDER=/u01/install/APPS/fs1/inst/apps/EBSDB_apps/ora/10.1.2/network/admin
           Administrator User: SYS AS SYSDBA
    [3] Database password for ORDS runtime user (ORDS_PUBLIC_USER): 
    [4] ORDS runtime user and schema tablespaces:  Default: SYSAUX Temporary TEMP
    [5] Additional Feature: Database Actions
    [6] Configure and start ORDS in Standalone Mode: Yes
    [7]    Protocol: HTTPS
    [8]       HTTPS Port: 8443
    [9]    Certificate Type: Use my SSL Certificate
    [10]      Path for the SSL Certificate: /u01/ords_config/certificates/ords_certificate.der
    [11]      Path for the SSL Certificate private key: /u01/ords_config/certificates/ords_private_key.der
    [A] Accept and Continue - Create configuration and Install ORDS in the database
    [Q] Quit - Do not proceed. No changes
  Choose [A]: A <-- accept and install
The setting named: db.connectionType was set to: tns in configuration: default
The setting named: db.tnsAliasName was set to: EBSDB in configuration: default
The setting named: db.tnsDirectory was set to: /u01/install/APPS/fs1/inst/apps/EBSDB_apps/ora/10.1.2/network/admin in configuration: default
The setting named: db.username was set to: ORDS_PUBLIC_USER in configuration: default
The setting named: db.password was set to: ****** in configuration: default
The setting named: feature.sdw was set to: true in configuration: default
The global setting named: database.api.enabled was set to: true
The setting named: restEnabledSql.active was set to: true in configuration: default
The global setting named: standalone.https.port was set to: 8443
The global setting named: standalone.https.cert was set to: /u01/ords_config/certificates/ords_certificate.der
The global setting named: standalone.https.cert.key was set to: /u01/ords_config/certificates/ords_private_key.der
The global setting named: standalone.doc.root was set to: /u01/ords_config/global/doc_root
The setting named: security.requestValidationFunction was set to: ords_util.authorize_plsql_gateway in configuration: default
2025-10-29T12:30:13.214Z INFO        Created folder /u01/ords_config/certificates/logs
2025-10-29T12:30:13.217Z INFO        The log file is defaulted to the current working directory located at /u01/ords_config/certificates/logs
2025-10-29T12:30:13.411Z INFO        Installing Oracle REST Data Services version 25.3.1.r2891312 in EBSDB
2025-10-29T12:30:19.612Z INFO        ... Verified database prerequisites
2025-10-29T12:30:20.634Z INFO        ... Created Oracle REST Data Services proxy user
2025-10-29T12:30:21.610Z INFO        ... Created Oracle REST Data Services schema
2025-10-29T12:30:23.759Z INFO        ... Granted privileges to Oracle REST Data Services
2025-10-29T12:30:34.947Z INFO        ... Created Oracle REST Data Services database objects

[applmgr@r122_Local ~]$ ords --config /u01/ords_config install Picked up _JAVA_OPTIONS: -Xms1126M -Xmx1126M ORDS: Release 25.3 Production on Wed Oct 29 12:29:31 2025 Copyright (c) 2010, 2025, Oracle. Configuration: /u01/ords_config The configuration folder /u01/ords_config does not contain any configuration files. Oracle REST Data Services - Interactive Install Enter a number to select the TNS net service name to use. Total TNS net service names are 12. Showing only the first 9 TNS net service names from /u01/install/APPS/fs1/inst/apps/EBSDB_apps/ora/10.1.2/network/admin/tnsnames.ora. Additional option to Specify the database connection. [1] EBSDB SERVICE_NAME=ebs_EBSDB [2] EBSDB_BALANCE SERVICE_NAME=ebs_EBSDB [3] EBSDB_FO SERVICE_NAME=ebs_EBSDB [4] EBSDB_FO_PATCH SERVICE_NAME=EBSDB_ebs_patch [5] EBSDB_PATCH SERVICE_NAME=EBSDB_ebs_patch [6] FNDFS_APPLTOP_APPS SID=FNDFS [7] FNDFS_APPS SID=FNDFS [8] FNDFS_APPS.EXAMPLE.COM SID=FNDFS [9] FNDFS_EBSDB_APPS SID=FNDFS [S] Specify the database connection [T] Specify the TNS net service name Choose [1]: 1 <-- select your TNS alias Provide database user name with administrator privileges. Enter the administrator username: sys <-- database admin user Enter the database password for SYS AS SYSDBA: <-- enter SYS password Retrieving information. ORDS is not installed in the database. ORDS installation is required. Enter a number to update the value or select option A to Accept and Continue [1] Connection Type: TNS [2] TNS Connection: TNS_NAME=EBSDB TNS_FOLDER=/u01/install/APPS/fs1/inst/apps/EBSDB_apps/ora/10.1.2/network/admin Administrator User: SYS AS SYSDBA [3] Database password for ORDS runtime user (ORDS_PUBLIC_USER): [4] ORDS runtime user and schema tablespaces: Default: SYSAUX Temporary TEMP [5] Additional Feature: Database Actions [6] Configure and start ORDS in Standalone Mode: Yes [7] Protocol: HTTP [8] HTTP Port: 8080 [A] Accept and Continue - Create configuration and Install ORDS in the database [Q] Quit - Do not proceed. No changes Choose [A]: 7 <-- change protocol Enter a number to select the protocol [1] HTTP [2] HTTPS Choose [1]: 2 <-- select HTTPS Enter the HTTPS port [8443]:8443 <-- HTTPS port Enter a number to select the certificate type [1] Use self-signed certificate (generates automatically) [2] Use my SSL certificate (requires SSL certificate and SSL certificate private key) Choose [1]: 2 <-- use custom certificate Enter the path for the SSL Certificate: /u01/ords_config/certificates/ords_certificate.der Enter the path for the SSL Certificates private key: /u01/ords_config/certificates/ords_private_key.der Enter a number to update the value or select option A to Accept and Continue [1] Connection Type: TNS [2] TNS Connection: TNS_NAME=EBSDB TNS_FOLDER=/u01/install/APPS/fs1/inst/apps/EBSDB_apps/ora/10.1.2/network/admin Administrator User: SYS AS SYSDBA [3] Database password for ORDS runtime user (ORDS_PUBLIC_USER): [4] ORDS runtime user and schema tablespaces: Default: SYSAUX Temporary TEMP [5] Additional Feature: Database Actions [6] Configure and start ORDS in Standalone Mode: Yes [7] Protocol: HTTPS [8] HTTPS Port: 8443 [9] Certificate Type: Use my SSL Certificate [10] Path for the SSL Certificate: /u01/ords_config/certificates/ords_certificate.der [11] Path for the SSL Certificate private key: /u01/ords_config/certificates/ords_private_key.der [A] Accept and Continue - Create configuration and Install ORDS in the database [Q] Quit - Do not proceed. No changes Choose [A]: A <-- accept and install The setting named: db.connectionType was set to: tns in configuration: default The setting named: db.tnsAliasName was set to: EBSDB in configuration: default The setting named: db.tnsDirectory was set to: /u01/install/APPS/fs1/inst/apps/EBSDB_apps/ora/10.1.2/network/admin in configuration: default The setting named: db.username was set to: ORDS_PUBLIC_USER in configuration: default The setting named: db.password was set to: ****** in configuration: default The setting named: feature.sdw was set to: true in configuration: default The global setting named: database.api.enabled was set to: true The setting named: restEnabledSql.active was set to: true in configuration: default The global setting named: standalone.https.port was set to: 8443 The global setting named: standalone.https.cert was set to: /u01/ords_config/certificates/ords_certificate.der The global setting named: standalone.https.cert.key was set to: /u01/ords_config/certificates/ords_private_key.der The global setting named: standalone.doc.root was set to: /u01/ords_config/global/doc_root The setting named: security.requestValidationFunction was set to: ords_util.authorize_plsql_gateway in configuration: default 2025-10-29T12:30:13.214Z INFO Created folder /u01/ords_config/certificates/logs 2025-10-29T12:30:13.217Z INFO The log file is defaulted to the current working directory located at /u01/ords_config/certificates/logs 2025-10-29T12:30:13.411Z INFO Installing Oracle REST Data Services version 25.3.1.r2891312 in EBSDB 2025-10-29T12:30:19.612Z INFO ... Verified database prerequisites 2025-10-29T12:30:20.634Z INFO ... Created Oracle REST Data Services proxy user 2025-10-29T12:30:21.610Z INFO ... Created Oracle REST Data Services schema 2025-10-29T12:30:23.759Z INFO ... Granted privileges to Oracle REST Data Services 2025-10-29T12:30:34.947Z INFO ... Created Oracle REST Data Services database objects

Non-interactive alternative: Instead of the interactive installer, you can run the install and configure HTTPS using command-line options. This is useful for scripted or automated deployments:

source ~/ORDS.env
 
# Install ORDS into the database (enter the SYS password when prompted)
ords --config /u01/ords_config install 
  --admin-user "sys as sysdba" 
  --db-tns-alias EBSDB 
  --db-tns-dir /u01/install/APPS/fs1/inst/apps/EBSDB_apps/ora/10.1.2/network/admin 
  --log-folder /u01/ords_config/logs
 
# Configure HTTPS
ords --config /u01/ords_config config set standalone.https.port 8443
ords --config /u01/ords_config config set standalone.https.cert /u01/ords_config/certificates/ords_certificate.der
ords --config /u01/ords_config config set standalone.https.cert.key /u01/ords_config/certificates/ords_private_key.der
ords --config /u01/ords_config config set standalone.doc.root /u01/ords_config/global/doc_root

For fully unattended installs, you can pipe the password via --password-stdin. See the ORDS documentation for details.

4 Create ORDS startup and shutdown scripts

vi start_ords.sh
 
export JAVA_HOME=/u01/jdk
export ORDS_HOME=/u01/ords/
export ORDS_CONFIG=/u01/ords_config
export PATH=/u01/ords/bin:$PATH
export _JAVA_OPTIONS="-Xms1126M -Xmx1126M"
LOGFILE=/u01/ords_config/logs/ords-`date +"%Y""%m""%d"`.log
nohup ${ORDS_HOME}/bin/ords --config ${ORDS_CONFIG} serve >> $LOGFILE 2>&1 &
echo "View log file with : tail -f $LOGFILE"
 
 
vi stop_ords.sh
 
#!/bin/bash
kill -9 `ps -ef | grep [o]rds.war | awk '{print $2}'`
 
chmod u+x start_ords.sh stop_ords.sh

5 Configure firewall

Add the ORDS https port to the allowed ports:

firewall-cmd --permanent --zone=your_custom_zone --add-port=8443/tcp
firewall-cmd --reload

6 Enable a schema for ORDS

The Blitz Report installation script automatically enables the custom application schema (e.g. XXEN) for ORDS during installation. This step is only needed if you want to enable a schema manually, for example when troubleshooting or configuring ORDS for other applications.

The ORDS schema serves as a lightweight proxy — it only needs execute permission on a single APPS package and does not require direct access to any EBS tables. For security reasons, the Blitz Report installation always uses the custom application schema for ORDS, never the APPS schema.

Run the following command, replacing XXXX with the schema name you want to use.

sqlplus apps/****
 
BEGIN
  ords_admin.enable_schema(
    p_enabled             => TRUE,
    p_schema              => 'XXXX',
    p_url_mapping_type    => 'BASE_PATH',
    p_url_mapping_pattern => NULL,
    p_auto_rest_auth      => NULL
  );
END;
/

7 Start ORDS

./start_ords.sh

8 Access the ORDS url

The URL depends on your server host name, protocol and port that you chose. In my case it was:

https://r122.localdomain:8443/ords/

Important: The URL must use the exact hostname specified in the SSL certificate’s CN/SAN field (e.g. r122.localdomain). Connecting via localhost or an IP address will result in an “HTTP ERROR 400 Invalid SNI” error due to ORDS SNI (Server Name Indication) validation.

9 Using an existing ORDS installation (e.g. for APEX)

If your environment already has ORDS installed — for example, for Oracle APEX — you do not need to install ORDS again. The Blitz Report installation script will automatically enable the custom application schema and configure the required endpoints.

10 Useful links

You may find more information on ORDS on these links:

https://redstack.dev/2022/05/17/installing-oracle-rest-data-services/
https://blog.cloudnueva.com/running-ords-standalone-mode
https://www.thatjeffsmith.com/archive/2024/06/ords-installs-upgrades-the-tns-edition/
https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-installation-on-tomcat-22-onward
https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-standalone-mode-22-onward
https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/25.2/ordig/installing-and-configuring-oracle-rest-data-services.html#GUID-2D13E9CD-EB0C-4CE7-82B8-45BD5C62897B

Author: Alexander Pavlik

Find out more

Features

Discover how Blitz Report™ simplifies report creation out of the Oracle E-Business Suite.

Download

Blitz Report™ is completely free
up to 30 different reports

FAQ

What is Blitz Report™?
Why do I need Blitz Report™?